https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792197#M80022 Ollie,<BR /><BR />SUID scripts WILL work provided certain rules are followed. USe #!/sbin/sh as the first line, set path to trusted paths (i.e. PATH=/usr/bin:/usr/sbin), and chmod 4755.<BR /> Fri, 23 Aug 2002 12:24:49 GMT Tom Danzig 2002-08-23T12:24:49Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792188#M80013 Hi ALL:<BR /><BR />Oracle DBA is working on express server installtion. He says he needs to login as root to shutdown and startup the express server. The script checks if the user is not root i terminates. The documentation says the user should logon as root to run the startup script.<BR /><BR />We do not like anyone to get the root password. Is there any work around on this?<BR /><BR />Thanks<BR /><BR /> Thu, 22 Aug 2002 19:11:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792188#M80013 sheevm 2002-08-22T19:11:05Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792189#M80014 Raji,<BR /><BR />Install sudo which allows you to give root access to normal users. Search for sudo in HP software public domain as well as in this forum for more info.<BR /><BR />Hai Thu, 22 Aug 2002 19:15:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792189#M80014 Hai Nguyen_1 2002-08-22T19:15:11Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792190#M80015 Hi,<BR /><BR />You can use sudo, free &amp; downloadable from hp porting site to give your access to commands that can be run as root.<BR /><BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/</A><BR /><BR />Or you can use licensed softwares like powerbroker, trial download available from their website,<BR /><A href="http://www.symark.com" target="_blank">http://www.symark.com</A><BR /><BR />Hope this helps.<BR /><BR />Regds<BR /> Thu, 22 Aug 2002 19:17:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792190#M80015 Sanjay_6 2002-08-22T19:17:01Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792191#M80016 sudo or super<BR /><BR /><A href="http://hpux.cs.utah.edu/" target="_blank">http://hpux.cs.utah.edu/</A><BR /><BR />Sachin Thu, 22 Aug 2002 19:18:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792191#M80016 Sachin Patel 2002-08-22T19:18:05Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792192#M80017 Yup, like the other person said, SUDO is the way to go. Why?<BR />sudo allows users to "su" to any other account provided that they have access to do so (defined by root).<BR />SUDO supports ACL's, aliases, extensive logging, and more.<BR /><BR />I use sudo daily as engineers have to be able to mount cdroms in hp-ux. (get with it HP, vold is where it's at he hem). I wrote a script that lets them mount a cdrom, and umount the cdrom, so no more phone calls and whining! ;)<BR /><BR />Regards,<BR />Shannon Thu, 22 Aug 2002 19:19:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792192#M80017 Shannon Petry 2002-08-22T19:19:54Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792193#M80018 You could make the startup script SUID root<BR /><BR />chown root:bin &lt;scriptname&gt;<BR />chmod 4755 &lt;scriptname&gt;<BR /><BR />Not the wisest idea for security, however, it's better than giving out the root password in my opinion. Thu, 22 Aug 2002 19:30:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792193#M80018 Tom Danzig 2002-08-22T19:30:25Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792194#M80019 I would use the SUID script as well.<BR /><BR />Turn the startup and shutdown commands into a script.<BR /><BR />startexpress.sh<BR />stopexpress.sh<BR /><BR />chown root:<DBA group=""> startexpress.sh <BR />chmod 4550 startexpress.sh<BR /><BR />====<BR /><BR />I tired to do a little more research on the Orale side about Express Server .. and everything I can find also says that the 'Service' has to be started as root.<BR /><BR />Steve</DBA> Fri, 23 Aug 2002 03:28:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792194#M80019 SteveKirby 2002-08-23T03:28:34Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792195#M80020 Hi Raji,<BR /><BR />Using setuid on shell scripts does not work. This is a security loophole that was closed many years ago. Setuid only works on binaries. (To prove, try running a root-setuid script as another user that does an "id" command or a "whoami" command).<BR /><BR />As far as I can see you need to do 2 things:<BR /><BR /> * create or use a DBA user on your system and add this to /etc/shutdown.allow - a standard feature of HP-UX<BR /><BR /> * use SUDO (or some other equivalent) to run the ORACLE installation - indeed you must be root to run the installation<BR /><BR />Hope this helps,<BR /><BR />Ollie. Fri, 23 Aug 2002 04:21:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792195#M80020 Ollie R 2002-08-23T04:21:25Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792196#M80021 In a previous thread, "asroot" type command was requested.<BR />I suugested a solution we use here,i.e. have a C program that callls the script.<BR />the binary will be ownned by root with setuid bit. <BR />+ use ACL to protect the binary.<BR /><BR />check :<BR /><A href="http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4b0857bd90a9d611abdb0090277a778c,00.html" target="_blank">http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4b0857bd90a9d611abdb0090277a778c,00.html</A><BR /><BR />Jean-Luc Fri, 23 Aug 2002 07:22:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792196#M80021 Jean-Luc Oudart 2002-08-23T07:22:37Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792197#M80022 Ollie,<BR /><BR />SUID scripts WILL work provided certain rules are followed. USe #!/sbin/sh as the first line, set path to trusted paths (i.e. PATH=/usr/bin:/usr/sbin), and chmod 4755.<BR /> Fri, 23 Aug 2002 12:24:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792197#M80022 Tom Danzig 2002-08-23T12:24:49Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792198#M80023 Install sudo then set up this user so that he can only execute the startup and shutdown scripts.<BR /><BR />Sudu runs the command as root, but the user never has the root password.<BR /> Fri, 23 Aug 2002 12:57:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792198#M80023 Sean OB_1 2002-08-23T12:57:12Z https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792199#M80024 sudo is one solution, you have been given a lot of suggestions on this; another one is SCM, which supported by HP, you can find the details from <BR /><BR /><A href="http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B8339-90030/B8339-90030_top.html&amp;con=/hpux/onlinedocs/B8339-90030/00/00/7-con.html&amp;toc=/hpux/onlinedocs/B8339-90030/00/00/7-toc.html&amp;searchterms=scm&amp;queryid=20020823-070205" target="_blank">http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B8339-90030/B8339-90030_top.html&amp;con=/hpux/onlinedocs/B8339-90030/00/00/7-con.html&amp;toc=/hpux/onlinedocs/B8339-90030/00/00/7-toc.html&amp;searchterms=scm&amp;queryid=20020823-070205</A><BR /> Fri, 23 Aug 2002 12:57:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/root-access/m-p/2792199#M80024 Victor_5 2002-08-23T12:57:59Z