topic Re: User with Admin Rights in Operating System - HP-UX

User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 06:13:03 GMT

Hi,

I want to create a user with admin rights.
I dont want to use root for all the cases.
I need a user with all admin rights.
The user can able start and stop the application, start and stop the oracle packages, shutdown or restart the server, etc..
pls guide me....

Thanks,
Suriya

Re: User with Admin Rights

Jayakrishnan G Naik — Mon, 22 Nov 2010 06:27:04 GMT

Hi Suriya,

You can do this by creating another user with uid 0.

There is an option "-o" for creating users with non unique user ids

useradd
-o Allow the UID to be non-unique (that is, a duplicate).

Hope this helps.... if helpful give appropriate points.

Thanks & Regards
Jayakrishnan G Naik

Re: User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 06:33:55 GMT

Hi,

Thanks for the reply.

If i create the user with the id 0.

what about the root user with id 0.

and tell me the full command to create the user with admin rights bcoz i'm new to unix.

Thanks,
Suriya.

Re: User with Admin Rights

Jayakrishnan G Naik — Mon, 22 Nov 2010 06:51:33 GMT

Hi Suriya,

# useradd -u 0 -o -g (group id) -d /home/user -m -s /bin/sh username

-u uid
-g gid
-d home directory
-m create the home directory for the new login
-s login shell

set the values for "(group id), /home/user , /bin/sh , username " etc depending on your need and environment.

>>New to unix
Manpages for the commands are always useful, and you can develop a habit to read manpages which can solve many doubts.

Thanks & Regards
Jayakrishnan G Naik

Re: User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 06:58:22 GMT

Thanks Jayakrishnan,

If i create the user with uid 0.

the root user will take which uid.

Thanks,
Suriya.

Re: User with Admin Rights

Jayakrishnan G Naik — Mon, 22 Nov 2010 07:02:54 GMT

Hi Suriya,

root user always use uid 0 and the -o option allows you to use duplicate uid
for another user. It means you can create multiple users with same uid.

Please read my first reply which clearly tells what more on the option
" -o"

Please assign appropriate points to the replies.

Thanks & Regards
Jayakrishnan G Naik

Re: User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 07:05:05 GMT

Thanks Jayakrishnan.

Re: User with Admin Rights

Dennis Handly — Mon, 22 Nov 2010 09:22:40 GMT

Instead of two superusers, you may want to look into sudo or RBAC that allow other users to do a carefully tailored list of root tasks.

Re: User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 09:25:59 GMT

Hi,

I try the two super user option, it was not working. its not able to process even the swlist command. Pls tell me to configure sudo or RBAC which one is better.

Thanks,
Suriya.

Re: User with Admin Rights

Dennis Handly — Mon, 22 Nov 2010 09:35:52 GMT

>I try the two super user option, it was not working.

This can't fail if you set it up correctly. If not trusted, vipw(1m) can do it. What does id(1) show?

>tell me to configure sudo or RBAC which one is better.

You need to download both, one form the porting center and one from HP.
You can search for more threads on the two:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=805956
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1238372

Re: User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 09:56:46 GMT

Hi,

I create the user like this

# useradd -u 0 -o -m -s /bin/sh admin

but its not working, unable to list the softwares using swlist, its not process the cmviewcl command.
Is there is any mistake in the above command.
Pls inform me.

check the below result of cat /etc/passwd for the user admin.
admin:UAXJtsEWLA5uw:0:20::/home/admin:/sbin/sh

Unable to delete the user account, check the below result.

# userdel -r admin
Login admin is currently in use
#

Thanks,
Suriya.

Re: User with Admin Rights

Pete Randall — Mon, 22 Nov 2010 11:25:34 GMT

As specified, your command will add a user with uid 0, but no default group and no password. At the very least, you need to specify the group to be sys and supply a password.

Pete

Re: User with Admin Rights

Ismail Azad — Mon, 22 Nov 2010 11:40:05 GMT

Suriya,

If the admin account is already created, then you cannot use useradd and besides the command in your query says /bin/sh rather than /sbin/sh
.

Anyways, answer to your question "login currently in use"

This means you have not exited from the session gracefully and the session is still running. Execute the following commands to delete the user.

ps -ef | grep -i admin
kill -9
and then userdel...

This will remove the account!!. Do assign points if it is helpful.

Re: User with Admin Rights

Dennis Handly — Mon, 22 Nov 2010 11:42:45 GMT

>unable to list the software using swlist,

What does "id" show? Did you try logging in again?

># userdel -r admin
>Login admin is currently in use

As admin logged on? If not, that's why you don't add duplicate users. You'll need to use vipw(1m) to remove.

>Pete: As specified, your command will add a user with uid 0, but no default group and no password.

The passwd entry seems to have those.

Re: User with Admin Rights

Pete Randall — Mon, 22 Nov 2010 12:12:43 GMT

Dennis,

You're right. I didn't see that. However, the group is 20 and I think it ought to be 3 and, like you, I would really like to see the output of the "id" command.

Pete

Re: User with Admin Rights

Suriya Prakash — Mon, 22 Nov 2010 12:29:13 GMT

Hi,

How to specify the group and passwd.
which group should i specify.
pls reply with example.

Thanks,
Suriya.

Re: User with Admin Rights

Jayakrishnan G Naik — Mon, 22 Nov 2010 12:33:57 GMT

Hi suriya,

Is your system a trusted system?
you can check this by searching a directory named /tcb in root. If there is a directory like that it means system is trusted.

As mentioned by Handly you need to use vipw to modify passwd file if the system is trusted.

># userdel -r admin
>Login admin is currently in use
Have you logged in with user "admin"? either by su or by normal login?if you are logged in you cannot remove the logged in user.

If the system is not trusted you try to modify the user group details with usermod. Use the same group as root. Set proper password. and then try logging in. It worked for me when ever used.

usermod -g 0 admin
-g group
An existing group's integer ID or character-string name. It redefines the user's primary group membership. This option is ignored if the login is administered by the Network Information Service (NIS).

Regards
Jayakrishnan G Naik

Re: User with Admin Rights

Jayakrishnan G Naik — Mon, 22 Nov 2010 12:36:15 GMT

Hi Suriya
The following command helps to change the password and you can set a new passwd with this command

#passwd admin

Regards
Jayakrishnan G Naik

Re: User with Admin Rights

Dennis Handly — Mon, 22 Nov 2010 12:43:01 GMT

>Jayakrishnan: As mentioned by Handly you need to use vipw to modify passwd file if the system is trusted.

Actually I was saying the opposite. If it isn't trusted, you can use vipw to just copy entries and passwords.

>if you are logged in you cannot remove the logged in user.

For 11.31 there is -F and vipw(1m) doesn't care.

Re: User with Admin Rights

Jayakrishnan G Naik — Mon, 22 Nov 2010 12:57:39 GMT

Ok Handly,

Thanks for the correction & Sorry for the confusion.

Suriya,

If the system is not trusted (/tcb dont exist)then go ahead with changing the group to 0 and setting a passwd. Do this with your original root login.

usermod -g 0 admin
passwd admin

connect to the system using another session and try logging in with admin. see if there are any errors. see whether you have all privileges.

Hope you are using duplicate root as there is no other alternative. This is actually a
security flaw.

Regards
Jayakrishnan G Naik