topic Create a new super user in the Unix Server in Operating System - HP-UX

Create a new super user in the Unix Server

AliceTan — Sat, 19 Nov 2016 03:28:59 GMT

Hi,

May i know that is there any way that i create a new user call 'root2' and set it having the highest privileges and change the 'root' user to normal user permission?

Thanks You.

Re: Create a new super user in the Unix Server

Steven Schweda — Sat, 19 Nov 2016 03:53:14 GMT

It might help if you explained the actual problem which you are
trying to solve, instead of asking how to implement some particular
"solution" to that problem.

In general, fiddling with "root" is probably a very bad idea. Too
much software has expectations.

Re: Create a new super user in the Unix Server

AliceTan — Sat, 19 Nov 2016 09:14:52 GMT

Hi Steven,

The problem that i am facing now is i want to restrict the root user to access some file in the server.

Because some user is need to login root to do some administration job for example, kill process, add user, etc.

But there is some files is confidential and need to restrict to only one user can access.

So i am thinking is that anyway to create another user called 'root2' then change it to super user and the original root change it to normal user.

Because i do not want to change the root password because there is some job like kill process, i can allow other user to do instead of me.

Thanks You.

Re: Create a new super user in the Unix Server

Steven Schweda — Sat, 19 Nov 2016 14:07:44 GMT

> Because some user is need to login root to do some administration job
> for example, kill process, add user, etc.

There's a program called "sudo" which is intended to make it possible
for non-"root" users to do tasks which require privilege, without
needing the "root" password. The latest version should be available
from:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/

I don't use it much, but I gather that there's a configuration file
("/usr/local/etc/sudoers"?) which specifies who can do what.

> So i am thinking is that anyway to create another user called 'root2'
> then change it to super user and the original root change it to normal
> user.

I can see how changing the name of the only privileged user could
_cause_ new problems, but I don't see how it could _solve_ any problems.

Re: Create a new super user in HP-UX

Dennis Handly — Sun, 20 Nov 2016 04:47:16 GMT

You can create as many super users as you want but not a good practice. Each will have UID 0, which is the magic.

If you fiddle with root, then it won't be able to do anything. I.e. as part of "kill process, add user, etc.", it allows access to files.

There is one other way, if the files you want to protect are over NFS, you can use the "root is less than dirt" option.

But as Steven said, sudo or another RBAC is what you want.