Operating System - HP-UX

Re: Change owner to few user ids

 
Patrick Wallek
Honored Contributor

Re: Change owner to few user ids

>>>>>>>>>>
what is understood by below mentioned statement?

A number of user IDs (7%) had still not been assigned to specific owners. These IDs might therefore be shared by a number of staff members, with the result that it would not be possible to assign accountability for actions taken by way of such user IDs. Furthermore, if a user ID is not assigned to a specific owner no one could be held responsible for ensuring that the password is changed or that the confidentiality of the private login password is maintained.
<<<<<<<<<<<<<<


Here is what I gather from the above:

1) You are doing a user audit.
2) You somehow assign users as "owners" of IDs. How this is done is NOT clear.
3) 7% of your IDs do not have "owners" assigned.
4) There is concern that an ID that does not have an "owner" will be difficult to trace if misused.

If I am wrong about the above, please correct me.

I also gather from previous statements that you want to know how to "assign an owner" to an ID, right?

This is typically done by modifying the comment field for the ID in the /etc/passwd file.

Assigning an "owner" to an ID has absolutely NOTHING to do with the chown command.

Say you have an id with the following in /etc/passwd:

www:*:30:1::/home/www:

There is no comment in the comment field for this id, which I guess indicates that there is no owner for this id.

To add a comment you can use the usermod command.

# usermod -c "MICKEY MOUSE" www

This command will add "MICKEY MOUSE" to the comment field for the www id, yielding the following in /etc/passwd:

www:*:30:1:MICKEY MOUSE:/home/www:

Is this what you require?
unixadmin_1
Frequent Advisor

Re: Change owner to few user ids

Urgent Request:-
Please can you load an emergency change to ensure that the system is in compliance by:-

1) Extract a recent report of user ids that do not have specific owners assigned.
2) Assign owners to these userids
3) Extract a recent report of user ids that have UID of 0
4) Ensure that only Root has a UID of 0.

Please create before and after snapshots for evidence....


Due Date:-
Friday - 23 January 2009.

Evidence:-
Please submit evidence that this is complete and systems are in compliance.

Please let me know if you have queries or concerns with regards to this.
Torsten.
Acclaimed Contributor

Re: Change owner to few user ids

In my understanding you have "owners" of "userids", e.g.

You (unixadmin) are the owner of the userid "unixadmin", right?

On the other hand you have userids (let's say "someone01"), without a real user (human) who owns and is responsible for this userid, so that several people are using this certain userid.

Is this correct?

So you need to give each of your users his own login and delete all the "shared" users.

Only you can know what userids are "shared" that way, the system cannot know it.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Dennis Handly
Acclaimed Contributor

Re: Change owner to few user ids

>1) Extract a recent report of user ids that do
>3) Extract a recent report of user ids that have UID of 0
>4) Ensure that only Root has a UID of 0.

This awk script can do these:
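awk -F: '
{
    # print $1, $3, $5     # uncomment to dump every entry while debugging
    if ($1 == "+") next    # skip the NIS "+" entry
    if ($5 == "") {        # empty comment field: no owner recorded
        print "No user name for", $1
    }
    if ($3 == 0) {         # UID 0: superuser
        print "superuser", $1, $5
        if ($1 != "root") {
            print "superuser but not root:", $1, $5, "<******"
        }
    }
}' /etc/passwd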
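
As an added example (not part of the post above or of anyone's code in this thread), the same two checks can be written to produce sorted findings, so that a "before" and an "after" snapshot can be compared as evidence. The function names, the finding labels NO_OWNER and UID0_NOT_ROOT, the `sysop` account and all sample passwd entries are constructed for illustration; the demo works on copies in a temporary directory, not on /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the thread. All sample entries are constructed.

# Print one sorted line per finding for a passwd-format file
# ($1, default /etc/passwd), so two snapshots can be compared directly.
audit_passwd() {
    awk -F: '
        /^[+-]/ || NF == 0 { next }    # skip NIS +/- entries and blank lines
        {
            owner = $5
            gsub(/[ \t,]/, "", owner)  # "", " " and ",,," all mean no owner
            if (owner == "")             print "NO_OWNER", $1, "uid=" $3
            if ($3 == 0 && $1 != "root") print "UID0_NOT_ROOT", $1, "uid=" $3
        }' "${1:-/etc/passwd}" | LC_ALL=C sort
}

# Findings present in snapshot $1 but gone from snapshot $2 (i.e. fixed).
resolved_findings() {
    LC_ALL=C comm -23 "$1" "$2"
}

# Demo on constructed data in a private scratch directory.
demo_dir="${TMPDIR:-/tmp}/passwd_audit.$$"
mkdir -m 700 "$demo_dir"
cat > "$demo_dir/passwd.before" <<'EOF'
root:*:0:3:System Administrator:/:/sbin/sh
www:*:30:1::/home/www:
dataload:*:201:20:,,,:/home/dataload:/usr/bin/sh
sysop:*:0:3:Operations:/:/sbin/sh
+::::::
EOF

# Constructed "after" state: www has an owner in the comment field (the
# result usermod -c gives) and sysop no longer has UID 0.
sed -e 's|^www:\*:30:1::|www:*:30:1:MICKEY MOUSE:|' \
    -e 's|^sysop:\*:0:|sysop:*:202:|' \
    "$demo_dir/passwd.before" > "$demo_dir/passwd.after"

audit_passwd "$demo_dir/passwd.before" > "$demo_dir/report.before"
audit_passwd "$demo_dir/passwd.after"  > "$demo_dir/report.after"

echo "Resolved since the first snapshot:"
resolved_findings "$demo_dir/report.before" "$demo_dir/report.after"
echo "Still open:"
cat "$demo_dir/report.after"
echo "Snapshots kept in $demo_dir"
```
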
unixadmin_1
Frequent Advisor

Re: Change owner to few user ids

As I am new to this environment, please send me the correct script without any mistakes so that I will execute this one in root with no errors.
Steven Schweda
Honored Contributor

Re: Change owner to few user ids

> Due Date:-
> Friday - 23 January 2009.

> as i am new to this environment please send
> me the correct script without any mistakes
> so that i will execute this one in root
> with no errors

It sounds as if you have less than a week to
find someone who can and will do your job for
you. Good luck with that.
TTr
Honored Contributor

Re: Change owner to few user ids

I have seen many of these audit reports. Torsten got it right. The problem is generic accounts on the server that are created to perform a function and not accounts that are attached to a specific person. Something like "dataload", "extract" or "dataxfer" that either are accessed/managed by several people or nobody is watching them and nobody knows what they do.

> I am new to this environment...

It looks like you are new to HP-UX and UNIX more than to your client's environment. I would take Steven's suggestion seriously!

You do NOT jump in and change everything according to the audit finds. You have to evaluate each finding on the IT side and take it up with the business that is using the server environment. If you change something according to the audit findings, the business will suffer and lose service and functionality. The business needs to understand the risk in each case and in many cases are willing to live with it. In many other cases the finding is only superficial and when you look deeper in it there is no need to do anything.
Dennis Handly
Acclaimed Contributor

Re: Change owner to few user ids

>send me the correct script without any mistakes so that i will execute this one in root with no errors

My script just prints things. You'll have to decide how to change things.
unixadmin_1
Frequent Advisor

Re: Change owner to few user ids

Hi Dennis,

I need to confirm whether the code mentioned is a C program or shell program. As I am new to the Unix environment, please let me know, and also let me know how to compile and run a shell script.

Thank you very much
Dennis Handly
Acclaimed Contributor

Re: Change owner to few user ids

>I need to confirm whether the code mentioned is C program or shell program.

It should be obvious it isn't C. It is a sh/ksh script that invokes awk.

>let me know how to compile and run shell script

You can just cut & paste those lines into your shell. Or you can add "#!/usr/bin/ksh" to the top and create a script. Then make it executable: chmod a+x script-file