HPE Community
Operating System - HP-UX
1753852 Members
7754 Online
108808 Solutions
New Discussion юеВ

hp-ux adm group

 
SOLVED
Go to solution
kholikt
Super Advisor

тАО07-18-2002 09:22 PM

тАО07-18-2002 09:22 PM

hp-ux adm group

Just wondering if I assign a person to the default adm group for hp-ux 11.00, what kind of system maintenance this user is allowed. I do want to assign a uid of 0
abc
0 Kudos
Reply
7 REPLIES 7
Steven Sim Kok Leong
Honored Contributor

тАО07-18-2002 09:33 PM

тАО07-18-2002 09:33 PM

Solution

Re: hp-ux adm group

Hi,

Use find to identify:
1) the system logs this group can read
2) the system binaries this group can execute, etc.

# find / -group adm -print

Hope this helps. Regards.

Steven Sim Kok Leong
Reply
Misa
Frequent Advisor

тАО07-18-2002 09:38 PM

тАО07-18-2002 09:38 PM

Re: hp-ux adm group

As best I know, HP-UX doesn't support the "group membership = syadm privs" paradigm that some other unices do. But I don't tend to use that type of thing even where supported, so it may be there and I've never known it.

If you want to hand out limited sysadmin privileges to someone else, my suggestions are SAM (especially for someone who's not experienced) or sudo (an open source piece of software that you can download, configure, and install).

--M????a
Reply
Michael Tully
Honored Contributor

тАО07-18-2002 09:38 PM

тАО07-18-2002 09:38 PM

Re: hp-ux adm group

I would not set up any user to use the 'adm' account. If you wish a user to have any sort of super user capabilities, install the 'sudo' tool. It is widely known and utilised. You can get an already compiled version from the porting centre:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.2b1/

Please make sure to assign point to people who assist you. They do so using their own free time and resources, your record of 57 from 255 is not good.
Anyone for a Mutiny ?
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

тАО07-18-2002 09:41 PM

тАО07-18-2002 09:41 PM

Re: hp-ux adm group

Hi,

To be precise:

1) the system logs etc. this group can at least read

# find / -group adm -perm -0040 -exec ll {}\;

2) the system binaries etc. this group can execute

# find / -group adm -perm -0010 -exec ll {} \;

Hope this helps. Regards.

Steven Sim Kok Leong
Reply
Sukant Naik
Trusted Contributor

тАО07-18-2002 09:58 PM

тАО07-18-2002 09:58 PM

Re: hp-ux adm group

Hi,

I dont know how much relevant my answer will be for this question ..


I use sudo to give you privileges to any user for doing system admin task. It gives my flexibility of creating a sudo groups with sysadmin commands.

Just my two cents.

-Sukant
Who dares he wins
Reply
Bart Beeren
Advisor

тАО07-19-2002 12:16 AM

тАО07-19-2002 12:16 AM

Re: hp-ux adm group

Do not assign the person the uid of 0. This will automatically give the person root-priviliges.

If you want to give some admin rights to a person you better use the sudo functionality as mentioned by other members before.

BB
Life isn├В┬┤t as simple as it seems
Reply
Peter Kloetgen
Esteemed Contributor

тАО07-19-2002 12:24 AM

тАО07-19-2002 12:24 AM

Re: hp-ux adm group

Hi Kholikt,

If you want a user with full root access, he needs defininetely the UID 0. HP-UX checks permissions internal not with usernames, but with UIDs and GIDs. What you should do, is to create a user with useradd- command and modifiy his account after:

useradd -w -d /username -s /sbin/sh user_name

Then vi your /etc/passwd file, change the UID of your created user to 0. That's it, your new user has full root access. Remember, the root user should have /sbin/sh and no POSIX shell like normal users get, and a home directory in root file system.

Another possibility to create a user who is allmost root:

sam -r

and you can the build a SAM for normal users, you can chose what functions of SAM they can use.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.