https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864994#M397346 You can get sudo from,<BR /><A href="http://gatekeep.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/" target="_blank">http://gatekeep.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/</A><BR /><BR />Configure sudoers to particular user to get root access to delete user account.<BR /><BR />Another way will be with .rhosts file,<BR /><BR /> $ROOTHOME/.rhosts<BR /> localhost.domainname.com <USER><BR /><BR /> so that particular user sends remsh / rexec execution to localhost with root user to delete that users. IT is easy to do it.<BR /><BR /> Configure root users .rhost with root user for the allowed users there to do action. But it give the root access to execute anything on your machine. [ Avoid this ]<BR /><BR />HTH.<BR /><BR /> <BR /></USER> Tue, 12 Oct 2004 04:46:30 GMT Muthukumar_5 2004-10-12T04:46:30Z https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864990#M397342 Hi<BR /><BR />Every day, I get a list of users to delete passed to me from our Helpdesk people. While I know that this is a quick "userdel -r" to get rid of each of them, it is still an extra step in our security process which i'd like to consolidate.<BR /><BR />Our Helpdesk already delete all the users application and other OS accounts and they also set up the HP-UX users, so i'd like them to be able to remove the HP-UX accounts also.<BR /><BR />I realise that there are inherent dangers with this and I wondered if anyone had a good way to go about this.<BR /><BR />Any Help Appreciated<BR /><BR />Michael Tue, 12 Oct 2004 04:22:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864990#M397342 Michael Campbell 2004-10-12T04:22:28Z https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864991#M397343 use sudo to give selected commands right to other users. You can use restricted sam as well.<BR /><BR />Sunil Tue, 12 Oct 2004 04:30:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864991#M397343 Sunil Sharma_1 2004-10-12T04:30:27Z https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864992#M397344 Hi Michael,<BR /><BR />'Sudo' is the best way. Search the forums on how to download it.<BR /><BR />Another way is to setup 'restricted SAM'. RUn 'sam -r' as root and give access to only those areas that you want the users to run.<BR /><BR />Becareful while setting up 'sudoers' file for sudo as you can inadvertantly open up security holes.<BR /><BR />-Sri Tue, 12 Oct 2004 04:35:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864992#M397344 Sridhar Bhaskarla 2004-10-12T04:35:54Z https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864993#M397345 Write your script with associated checks for a vlaid username (not root, etc) and perform the userdel within the script. It should only run as root (*NO* suid). The use sudo for the helpdesk people to run the script. There is no such thing as a secure suid script, so use sudo (sudoers file) to limit what scripts and commands the helpdesk can use. Tue, 12 Oct 2004 04:39:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864993#M397345 Bill Hassell 2004-10-12T04:39:49Z https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864994#M397346 You can get sudo from,<BR /><A href="http://gatekeep.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/" target="_blank">http://gatekeep.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/</A><BR /><BR />Configure sudoers to particular user to get root access to delete user account.<BR /><BR />Another way will be with .rhosts file,<BR /><BR /> $ROOTHOME/.rhosts<BR /> localhost.domainname.com <USER><BR /><BR /> so that particular user sends remsh / rexec execution to localhost with root user to delete that users. IT is easy to do it.<BR /><BR /> Configure root users .rhost with root user for the allowed users there to do action. But it give the root access to execute anything on your machine. [ Avoid this ]<BR /><BR />HTH.<BR /><BR /> <BR /></USER> Tue, 12 Oct 2004 04:46:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864994#M397346 Muthukumar_5 2004-10-12T04:46:30Z https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864995#M397347 Thanks Everyone.<BR /><BR />I think i'll go with restricted SAM.<BR /><BR />Regards<BR /><BR />MIchael Tue, 12 Oct 2004 05:44:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-deletion-script-for-use-by-non-root-users/m-p/4864995#M397347 Michael Campbell 2004-10-12T05:44:24Z