topic Root equivelant in Operating System - HP-UX

Root equivelant

Scott Rope_1 — Mon, 29 Nov 1999 14:02:43 GMT

How can I make a user (my account) have the same privileges as root, ie.. be
able to open sam and reactivate roots password if it gets locked out. Also is
there a way to set root up so that it can be locked out everywhere after three
tries EXCEPT at the system console??

Scott Rope

Re: Root equivelant

Neil Gast_1 — Mon, 29 Nov 1999 14:23:32 GMT

The only way to have the same privileges as root is to be root, or a root
equivalent. Change your UID in the passwd file to 0 (zero), and you're root
automagically from then on.

Sam is a little different than other tools. It does its own checking to see if
the user is a root user. If not, it spits a nice warning message, then exits.
You might be able to wrangle some funky Sam access thru sneaky use of suid
scripts, but I wouldn't recommend it.

As for the three strikes lockout problem, I don't think there is a distinction
made between a console login and some other type of attempt -- probably by
design -- so there's no way to disable lockout for different modes.

MrNeil

Re: Root equivelant

Anthony Goonetilleke_1 — Mon, 29 Nov 1999 14:39:08 GMT

Sam actually works a little easier as you can start sam with a -r which invokes
the restricted SAM builder you can then go in and enable everything for a
particular user. There are a few restrictions that apply but you can get a lot
of functionality for a specific user this way instead of giving them root
access.

Re: Root equivelant

Dan Hull — Mon, 29 Nov 1999 16:47:23 GMT

Actually there is a way to lockout root everywhere but the console - it's
called truting your system. When the system is trusted, any user who fails a
login 3 times gets their account locked, including root. However, root can
still login from the console even when the account is locked.

Re: Root equivelant

Michael Starogardzki_1 — Wed, 01 Dec 1999 07:20:26 GMT

For the special purpouse to logon onto a locked account, it might work to use
the file .rhosts
Assuming that the locked user is named lock and the user, who wants to login on
his accout is named me and the host where both of them resite is called host1
it may look like this:

Before anything goes wrong, create the file .rhosts in the home-directory of
the user (e.g. /home/lock). Insert a line withe the hostname in it and the name
of the user who should have permission to log on for him:
host1 me

Then, if things went wrong, and the user 'lock' has been locked, use 'me' could
use the rlogin-statement to login for him.

rlogin host1 -s lock

If 'me' and 'lock' reside on different hosts, the host of 'me' should be in the
/etc/hosts.equiv of host1 (lock's host).

It even works with the user 'root', but beware that a .rhosts file in the
home-directory of root is a security leak! DO NOT GIVE TOO MUCH READ OR
WRITE-PERMISSIONS to the .rhosts-file

I do not really know, if it even works on a trusted system (mail me, if it
does)

Good luck

Mike