topic Re: ROO User Privilege & Password in Operating System - HP-UX

ROO User Privilege & Password

Shahbaz_1 — Wed, 27 Feb 2002 11:12:37 GMT

Hi Friends,
I have some queries to be resolved, so please ...
- Can we assign the root privilege to any ordinary unix user, so that he in turn can perform functionality at root level
(use crontab, or rcp etc)?

- How to get back the forgot root password ?(hopefully I'll not but in case, if it is possible)

Thanks & Regards
Syed

Re: ROO User Privilege & Password

Alex Glennie — Wed, 27 Feb 2002 11:27:34 GMT

Check out the utility sudo -> it sounds like it will meet your needs ?

http://www.courtesan.com/sudo/

As to passwords .... you normally have a couple of options :

Use a recovery tape to restore an old /etc/passwd file with a password you can remember

boot into single user mode and change password / edit the password file.

Re: ROO User Privilege & Password

Shahbaz_1 — Wed, 27 Feb 2002 11:57:45 GMT

Hi Alex,
Thanks lot,
things to clarify please ...

Well, sudo utility is the only way to achieve rool level privilage? I mean if root group is assigned to the user, can't he?

About root password:
When we'll boot the system in single user mode, will it not prompt for password to login into the system?

what should we edit in /etc/passwd file
it contains something like
root:xxxxxxxxx:/sbin/sh

Regards
Syed

Re: ROO User Privilege & Password

Bill Hassell — Wed, 27 Feb 2002 12:13:05 GMT

>> Well, sudo utility is the only way to achieve rool level privilage?

No, you can use su but each user would have to know the root password, and that is not desirable.

>> I mean if root group is assigned to the user, can't he?

No. The root group is one of several root groups and most commands require user ID 0 in order to run. Do not be tempted to change an ordinary user to ID 0...there are many dangers there.

>> About root password: When we'll boot the system in single user mode, will it not prompt for password to login into the system?

No. Unless you change the system to a Trusted System, single user mode is unprotected. That is why physical security is very important.

>> what should we edit in /etc/passwd file
it contains something like
root:xxxxxxxxx:/sbin/sh

For sudo, you must download the program from an archive such as the Liverpool archive. There is a man page about how to configure it.

Another alternative is to use SAM's restricted features. See the -r option in the SAM man page.

Re: ROO User Privilege & Password

Alex Glennie — Wed, 27 Feb 2002 12:22:32 GMT

cheers Bill .... got tied up on something here in the UKRC !

Re: ROO User Privilege & Password

Shahbaz_1 — Thu, 28 Feb 2002 04:11:13 GMT

Hi Bill & Alex
Thanks Lot,

Things are clear, except, changing of password file,
after starting the system in single user mode,
what should I edit in /etc/password file?

Please ...
Regards
Syed

Re: ROO User Privilege & Password

Michael Tully — Thu, 28 Feb 2002 04:20:22 GMT

Hi,

You can just use the 'passwd' program to do this in single user mode. All you need to do is to do this.

# passwd root (change the password)
Control-D should now start up multi-user mode. You could edit the password file directly, but there is no need.
If the multi-user doesn't start, use
# init 3 (or 4 depending on your first line in /etc/inittab)
e.g.
init:4:initdefault:

HTH
-Michael

Re: ROO User Privilege & Password

Kenny Chau — Thu, 28 Feb 2002 04:39:16 GMT

Well, you can change the uid of that user to 0 so that he/she will have root privilege. For changing root password, boot to single user mode (no need to enter password) and use command passwd to change the root password.

To boot to single user mode, use hpux -is to boot to single user mode within the ISL prompt.

Hope this helps.
Kenny.