1748285 Members
3937 Online
108761 Solutions
New Discussion юеВ

Alternate root user

 
SOLVED
Go to solution
Rook_1
New Member

Alternate root user

Is there a possibility for alternate root user on HP-UX machine? What could be limitations... suggestions?
TY
9 REPLIES 9
Wouter Jagers
Honored Contributor
Solution

Re: Alternate root user

Any user which is assigned a UID of 0 (zero) is a root user. However, doing this is not recommended for obvious security reasons.

Removing or renaming the actual 'root' account can be done in theory, but you shouldn't: a bunch of scripts, tools and software assume the existence of the root account.

In other words: unless you have really (really!) good reasons to do so, save yourself a bunch of trouble and leave your root account like it is.

Cheers,
Wout
an engineer's aim in a discussion is not to persuade, but to clarify.
Jollyjet
Valued Contributor

Re: Alternate root user

If you need to allow them to do other root-type commands, then your best bet is to install sudo.

http://www.courtesan.com/sudo

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/
Vishu
Trusted Contributor

Re: Alternate root user

yeah ,
u can hv alternate root user that u can create with useradd command with UID 0 and have -o option for duplicate UID with this command.
Anshumali
Esteemed Contributor

Re: Alternate root user

This is not suggested though...
Make UID of the user as 0
better way is to install sudo and use that for your use...
I am not sure what requirement makes you think about the another root user... there are previous threads on this also.. please have a look at them as this has been already discussed many times..
Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
Angus Crome
Honored Contributor

Re: Alternate root user

I would never suggest doing this. Sudo or Powerbroker, or one of the other privilege access tools would be a much safer and more secure solution.

In fact, in certain industries, performing this action is grounds for dismissal, regardless of the intent.
There are 10 types of people in the world, those who understand binary and those who don't - Author Unknown
Sunny Jaisinghani
Trusted Contributor

Re: Alternate root user

Refer to the below thread. u'll get some very good suggestions.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=943392

Regards
A. Clay Stephenson
Acclaimed Contributor

Re: Alternate root user

You can have n users with UID 0.

Benefits: 0 - it is state-of-the-art stupid.

Risks: It will be impossible to determine which of these users did what because all tracking is done via UID rather than login.
You just flunked your security audit.

If you need to allow users to perform tasks which normally require superuser permission then look for a package called sudo.
If it ain't broke, I can fix that.
Ashish Parashar
Frequent Advisor

Re: Alternate root user

Hello Rook

Its right, you can have several user with UID 0 as root user for this you just have to edit passwd file ,but problem is that

if anyone of them will change the root password of all root user.. no one can login except him( possible threat).

If you want to give some root power to any user .. you can try retricted SAM or

edit sudoer file and give permission for some commands also.

Regards

Ashish Parashar
Raj D.
Honored Contributor

Re: Alternate root user

Rook,

You can create a alternate root user by creating an user with uid 0.

But, If you are trying to controll access or restrict access better to use sudo ,

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments.

The current version is sudo 1.6.8p12, released on November 8, 2005.

Check this link:
http://www.gratisoft.us/sudo/


Cheers,
Raj.


" If u think u can , If u think u cannot , - You are always Right . "