topic Re: root passwd in Operating System - HP-UX

root passwd

SSP_1 — Thu, 13 Dec 2001 09:33:35 GMT

Hi All,
Just came to know with a starnge discovery....would like ur comments on the same.

If I created a login with uid "0" say toor and after logging with this "toor" id if I am going to change the passwd with only "passwd" command, it changes the root passwd also. Is it so? how to restrict?

Re: root passwd

Duncan Edmonstone — Thu, 13 Dec 2001 09:38:26 GMT

... don't let anyone create an account with UID 0!

I am assuming the proble here is that you have some utility which allows non-root users to add users to the system/change passwords etc. Any utility which allows you to do this, should prevent the assignment of UID 0 for a new user, and prevent the change of passwords for any account with UID 0.

If the problem is others who do not understand this who have access to the root account to create/change accounts - well you have a bigger problem!

HTH

Duncan

Re: root passwd

Steven Sim Kok Leong — Thu, 13 Dec 2001 09:41:04 GMT

Hi,

The superuser root account also uses the uid of 0. A superuser, whose effective user ID is zero is allowed to change any password and is not forced to comply with password aging.

Hope I interpreted your question correctly and this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com

Re: root passwd

SSP_1 — Thu, 13 Dec 2001 09:41:30 GMT

Hi Duncan,

It's me only who has created this "toor" login, equivalent root id. So that if something goes wrong with root , I may not die.

Re: root passwd

Deepak Extross — Thu, 13 Dec 2001 09:41:55 GMT

UID 0 is reserved exclusively for root!!
Make sure your /etc/passwd file reflects this correctly, or you're just asking for trouble.

Re: root passwd

Duncan Edmonstone — Thu, 13 Dec 2001 09:49:13 GMT

As Deepak says, having another account with UID 0 is asking for trouble, and I wouldn't advise doing what you are proposing... but if your determined to do it, rather than creating the user and setting a password in the normal way, just use 'vipw' and copy and paste the root acccount onto the last line, then change the user name... you now have another account the same as root, with the same password.

Of course it won't work if you are running as a trusted system.

HTH

Duncan

Re: root passwd

SSP_1 — Thu, 13 Dec 2001 09:56:53 GMT

Friends,

But if I am login into the system with id "toor" and then issuing "passwd" command why is it changing the passwd for "root" and not specifically for "toor" id.

Re: root passwd

Duncan Edmonstone — Thu, 13 Dec 2001 10:05:35 GMT

Because root is the first UID 0 entry in the /etc/passwd file... (I think) If you want to test this out, try moving the toor user to the top of your passwd file and try again - all the usual caveats about having another 'logged in' session available apply... remember to change this back when your done.

HTH

Duncan

Re: root passwd

Eugen Cocalea — Thu, 13 Dec 2001 10:06:57 GMT

Hi,

This is because the 'passwd' command is not based on the username but on id of the user.

Actually, usernames is just the 'friendly' part of the SO, all operations should be done based on id of the user. Most of the programs do so.

E.

Re: root passwd

SSP_1 — Thu, 13 Dec 2001 10:08:25 GMT

thanks dungen / eugen,

I gotta it.....

Re: root passwd

Steven Sim Kok Leong — Thu, 13 Dec 2001 10:25:52 GMT

Hi,

This is from the man pages:

man passwd:

The passwd command modifies the password as well as the attributes associated with the login name. If name is omitted, it defaults to the invoking user's login name, which is determined using getlogin(3C).

man getlogin:

The getlogin() function can be used in conjunction with getpwnam() to locate the correct password file entry when the same user ID is shared by several login names.

If passwd uses getpwnam () (I am not sure if it uses it), then given that the user ID (uid) is 0 and is shared by several login names (ie. root and toor), then getpwnam () should return the correct passwd file entry for toor.

Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com