HPE Community
Operating System - HP-UX
1753792 Members
7307 Online
108799 Solutions
New Discussion

Create a new super user in the Unix Server

 
AliceTan
Occasional Visitor

‎11-18-2016 07:28 PM

‎11-18-2016 07:28 PM

Create a new super user in the Unix Server

Hi, 

May i know that is there any way that i create a new user call 'root2' and set it having the highest privileges and change the 'root' user to normal user permission?

Thanks You. 

 

0 Kudos
Reply
4 REPLIES 4
Steven Schweda
Honored Contributor

‎11-18-2016 07:53 PM

‎11-18-2016 07:53 PM

Re: Create a new super user in the Unix Server

   It might help if you explained the actual problem which you are
trying to solve, instead of asking how to implement some particular
"solution" to that problem.

   In general, fiddling with "root" is probably a very bad idea.  Too
much software has expectations.

0 Kudos
Reply
AliceTan
Occasional Visitor

‎11-19-2016 01:14 AM

‎11-19-2016 01:14 AM

Re: Create a new super user in the Unix Server

Hi Steven, 

The problem that i am facing now is i want to restrict the root user to access some file in the server. 

Because some user is need to login root to do some administration job for example, kill process, add user, etc. 

But there is some files is confidential and need to restrict to only one user can access. 

So i am thinking is that anyway to create another user called 'root2' then change it to super user and the original root change it to normal user. 

Because i do not want to change the root password because there is some job like kill process, i can allow other user to do instead of me. 

Thanks You. 

0 Kudos
Reply
Steven Schweda
Honored Contributor

‎11-19-2016 06:07 AM

‎11-19-2016 06:07 AM

Re: Create a new super user in the Unix Server

> Because some user is need to login root to do some administration job
> for example, kill process, add user, etc.

   There's a program called "sudo" which is intended to make it possible
for non-"root" users to do tasks which require privilege, without
needing the "root" password.  The latest version should be available
from:

      http://hpux.connect.org.uk/hppd/hpux/Sysadmin/

   I don't use it much, but I gather that there's a configuration file
("/usr/local/etc/sudoers"?) which specifies who can do what.


> So i am thinking is that anyway to create another user called 'root2'
> then change it to super user and the original root change it to normal
> user.

   I can see how changing the name of the only privileged user could
_cause_ new problems, but I don't see how it could _solve_ any problems.

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-19-2016 08:47 PM

‎11-19-2016 08:47 PM

Re: Create a new super user in HP-UX

You can create as many super users as you want but not a good practice. Each will have UID 0, which is the magic.

If you fiddle with root, then it won't be able to do anything.  I.e. as part of "kill process, add user, etc.", it allows access to files.

There is one other way, if the files you want to protect are over NFS, you can use the "root is less than dirt" option.

But as Steven said, sudo or another RBAC is what you want.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.