topic Re: Please help about the root question in Operating System - HP-UX

Please help about the root question

Chin Meng — Fri, 01 Dec 2000 03:54:59 GMT

Dear all HPUX experts,

I have a question about the root. I understand that as a root only has one password, but I am believe that has their way to configure one root may have two or more login as root and giving the difference passwords. I am novice in HPUX. I used the command "who" and found that the current system had two roots and two operator login into the system but given different pts/???. I do not know what does the pts/??? means?

operator pts/tb Nov 30 17:14
root pts/1 Nov 25 14:50
root pts/tc Dec 1 07:35
operator pts/td Dec 1 07:52

Thank you all experts in advance.

Re: Please help about the root question

Bruce Regittko_1 — Fri, 01 Dec 2000 04:37:58 GMT

Hi,

You must be running CDE, the GUI interface. Each window that is open is treated as a separate terminal and therefore as a separate login, which is why who is reporting each one although root is most likely only logged in once.

The pts entries refer to the device file used by the window. The device file for the psuedo terminal would be /dev/pts/X where X is an instance number.

You are right that root (and any other account) can only have one password. One way to get around this is to have two accounts with the same UID number. (The UID number is recorded in the third field of the /etc/passwd file.) Thus, if another account has a UID of zero, that account would also have root privileges even though it could have a different password. In effect, there is one account with two names, two passwords, two home directories, etc. Both account would own the same files, though.

Note, that having a "backdoor" account with UID 0 is a major security risk. Now potential crackers have two accounts to attack instead of one.

Hope this helps you out. If not, let me know what is still unclear and I will try again,

--Bruce

Re: Please help about the root question

thinphony — Fri, 01 Dec 2000 05:45:39 GMT

Hi,
Bruce is right.
In short, when you activate multi terminal windows in a workspace, there would be multi lines like pts/1 .. in the who output.
If you change a user's id to 0 in the /etc/passwd file, the user will have root privillage.

Thinphony

Re: Please help about the root question

thinphony — Fri, 01 Dec 2000 05:45:53 GMT

Hi,
Bruce is right.
In short, when you activate multi terminal windows in a workspace, there would be multi lines like pts/1 .. in the who command output.
If you change a user's id to 0 in the /etc/passwd file, the user will have root privillage.

Thinphony

Re: Please help about the root question

Dan Hetzel — Fri, 01 Dec 2000 06:26:39 GMT

Hi,

I totally agree with Bruce. Having more than one account with UID (user ID) 0 is a major security risk.
It's just like having a safe with two or more doors. Would you really put all your money in such a safe ??

If you want to give other people some root privileges, consider using 'sudo' which is a really nice utility. It has the advantage of logging all commands so you'll still be able to tell WHO did WHAT on your system.

Here is the link to the main page:
http://www.courtesan.com/sudo/sudo.html

Best regards,

Dan

Re: Please help about the root question

Chin Meng — Fri, 01 Dec 2000 09:08:26 GMT

Thank you for all helping me.

Thank you to Bruce.

What is the CDE? Meaning now, the system has been configured in two guys could login the system with their own password, right? How is the other guy have changed the root password, is that the second guy will be effected with problem login his password as a root?

How for me to know who is who?
How to change it back to default?
Where to check the UID?

Thank you so much for all experts.

Re: Please help about the root question

Rainer_1 — Fri, 01 Dec 2000 11:24:03 GMT

root has the UID 0 as defined in /etc/passwd
CDE is the Common Desktop Environment used on graphical displays (usually workstations but also available at servers with graphic cards)
To have a closer look for who is who type

who -T

this will show at the end of each line from where the login comes.

Re: Please help about the root question

Dan Hetzel — Fri, 01 Dec 2000 11:53:54 GMT

Hi,

If you want to avoid people to login as root from any terminal other than the system console, simply create the file (as root) /etc/securetty with the single line 'console' in it.
This can be done simply as follows:
# echo console > /etc/securetty

By doing this, you would force people to use their own login, and to use 'su' or 'sudo' when they want root privileges. In that case, you'll be able to trace what people are doing.

Dan