topic Re: root password in Operating System - HP-UX

root password

kacou — Wed, 16 Jul 2008 13:38:03 GMT

Is it possible to rename the root password and give it to another administrator. After doing his job,is it possible to use again the old passord?

Re: root password

Torsten. — Wed, 16 Jul 2008 13:40:05 GMT

Use "passwd" to change the password, once the job is done, use passwd to change it back (if system is untrusted without keeping pwd history).

Re: root password

Kenan Erdey — Wed, 16 Jul 2008 13:44:32 GMT

or give root access with sudo. once job is done take the privilege back.

Re: root password

Jeeshan — Wed, 16 Jul 2008 16:13:50 GMT

its not a good practice to give anyone the root password unless he has administrative member.

in your scenario after changing the password and after than revert to previous password, it depends upon your password re-usage settings in password security section.

you can find the password re-usage options in SAM.

Re: root password

Sajjad Sahir — Wed, 16 Jul 2008 17:13:27 GMT

Dear Kacau

I got u question
first clarification there is renaming of passwd
the only option is change the passwd
by using passwd command
second thing once u given passwd u can use
old passwd by againg changing to the old one
at a time there is no option to use two passwd(Is it possible to rename the root password and give it to another administrator. After doing his job,is it possible to use again the old passord)
ok
for changing passwd command is passwd
ok

Re: root password

Robin T. Slotten — Thu, 17 Jul 2008 11:57:10 GMT

An alternative is to create another user (roottmp) with a UID of 0 (zero). This user will effectively be root. When (s)he is finished, delete the roottmp user. As pointed out previously, be certain you trust this temporary user.

Rob...

Re: root password

MarkSyder — Thu, 17 Jul 2008 12:58:03 GMT

DO NOT create a temporary user with UID 0! When you delete that user you will delete all files belonging to UID 0; i.e. root. You will then not have a server, you will have a large paperweight.

Mark Syder (like the drink but spelt different)

Re: root password

Robin T. Slotten — Thu, 17 Jul 2008 13:36:15 GMT

I respectfully disagree. If you remove the user using sam, sam is smart enough to see the duplicate UID (which it also noted when it was created) and will not allow the files to be removed or reallocated to another user. This was tested on a secure system.

On an non-secure system, you can edit /etc/passwd directly and copy the root entry and edit it. Just clear the password field, save the /et/passwd file and immeadiately change the roottmp password. I have used this method to give access to HP engineers when working on the system. You can just delete the line in /etc/passwd to remove the temporary user.

Rob...

Re: root password

MarkSyder — Fri, 18 Jul 2008 05:55:08 GMT

Robin,

If you're going to advise someone to set up a user with UID 0 you should have warned him about the pitfalls and the appropriate way to delete that user straight away.

Mark

Re: root password

Sridhar R — Fri, 18 Jul 2008 09:47:07 GMT

Hey,

why dont you change the roottmp's id to some other non-existent id with the help of usermod command,

which will make him as an ordinary user
and then u can remove the user.

This is also an option!

Thanks!

Re: root password

Robin T. Slotten — Mon, 21 Jul 2008 11:39:12 GMT

Mark,
Your points are well taken. To be quite honest, I have never had a problem creating a second root account in 16 years of working with HP-UX. Maybe I have been lucky. I seldom use SAM, so that may be my saving grace. Certainly having multiple root accounts has risks and those must be taken into account. There are situations where this may be warranted such as giving a CE a temporary account so you do not have to expose your normal root password while he is looking over your shoulder. For our normal administration, we lock down root to the console and SysAdmins have to log in with their own account and su to root thus allowing accountability in the /var/adm/sulog.