- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Change owner to few user ids
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-07-2009 06:20 AM
тАО01-07-2009 06:20 AM
Re: Change owner to few user ids
what is understood by below mentioned statement?
A number of user IDs (7%) had still not been assigned to specific owners. These IDs might therefore be shared by a number of staff members, with the result that it would not be possible to assign accountability for actions taken by way of such user IDs. Furthermore, if a user ID is not assigned to a specific owner no one could be held responsible for ensuring that the password is changed or that the confidentiality of the private login password is maintained.
<<<<<<<<<<<<<<
Here is what I gather from the above:
1) You are doing a user audit.
2) You somehow assign users as "owners" of IDs. How this is done is NOT clear.
3) 7% of your ID's do not have "owners" assigned.
4) There is concern that an id that does not have an "owner" will be difficult to trace if mis-used.
If I am wrong about the above, please correct me.
I also gather from previous statements that you want to know how to "assign an owner" to an ID, right?
This is typically done by modifying the comment field for the ID in the /etc/passwd file.
Assigning an "owner" to an ID has absolutely NOTHING to do with the chown command.
Say you have an id with the following in /etc/passwd:
www:*:30:1::/home/www:
There is no comment in the comment field for this id, which I guess indicates that there is no owner for this id.
To add a comment you can use the usermod command.
# usermod -c "MICKEY MOUSE" www
This command will add "MICKEY MOUSE" to the comment field for the www id, yielding the following in /etc/passwd:
www:*:30:1:MICKEY MOUSE:/home/www:
Is this what you require?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-15-2009 11:52 PM
тАО01-15-2009 11:52 PM
Re: Change owner to few user ids
Please can you load an emergency change to ensure that the system is in compliance by:-
1) Extract a recent report of user ids that do not have a specific owners assigned.
2) Assign owners to these userids
3) Extract a recent report of user ids that have UID of 0
4) Ensure that only Root has a UID of 0.
Please create before and after snapshots for evidence....
Due Date:-
Friday - 23 January 2009.
Evidence:-
Please submit evidence that this is complete and systems are in compliance.
Please let me know if you have queries or concerns with regards to this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 12:33 AM
тАО01-16-2009 12:33 AM
Re: Change owner to few user ids
You (unixadmin) are the owner of the userid "unixadmin", right?
On the other hand you have userids (let's say "someone01"), without a real user (human) who owns and is responsible for this userid, so that several people are using this certain userid.
Is this correct?
So you need to give each of your users his own login and delete all the "shared" users.
Only you can know what userids are "shared" that way, the system cannot know it.
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 12:38 AM
тАО01-16-2009 12:38 AM
Re: Change owner to few user ids
>3) Extract a recent report of user ids that have UID of 0
>4) Ensure that only Root has a UID of 0.
This awk script can do these:
awk -F: '
{
# print $1, $3, $5
if ($1 == "+") next
if ($5 == "") {
print "No user name for", $1
}
if ($3 == 0) {
print "superuser", $1, $5
if ($1 != "root") {
print "superuser but not root:", $1, $5, "<******"
}
}
}' /etc/passwd
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 03:09 AM
тАО01-16-2009 03:09 AM
Re: Change owner to few user ids
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 04:34 AM
тАО01-16-2009 04:34 AM
Re: Change owner to few user ids
> Friday - 23 January 2009.
> as i am new to this environment please send
> me the correct script without any mistakes
> so that i will execute this one in root
> with no errors
It sounds as if you have less than a week to
find someone who can and will do your job for
you. Good luck with that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 04:53 AM
тАО01-16-2009 04:53 AM
Re: Change owner to few user ids
> I am new to this environment...
It looks like you are new to HP-UX and UNIX more than to your client's environment. I would take Steven's suggestion seriously!
You do NOT jump in a change everything according to the audit finds. You have to evaluate each finding on the IT side and take it up with the business that is using the server environment. If you change something according to the audit findings, the bussines will sufer and lose service and functionality. The business needs to understand the risk in each case and in many cases are willing to live with it. In many other cases the finding is only superficial and when you look deeper in it there is no need to do anything.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 04:00 PM
тАО01-16-2009 04:00 PM
Re: Change owner to few user ids
My script just prints things. You'll have to decide how to change things.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 10:46 PM
тАО01-16-2009 10:46 PM
Re: Change owner to few user ids
I need to confirm wheather the code mentioned is c program or shell program..As i am new to unix environment please let me know and also let me know how to compile and run shell script
Thank you very much
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-16-2009 11:31 PM
тАО01-16-2009 11:31 PM
Re: Change owner to few user ids
It should be obvious it isn't C. It is a sh/ksh script that invokes awk.
>let me know how to compile and run shell script
You can just cut & paste those lines into your shell. Or you can add "#!/usr/bin/ksh" to the top and create a script. Then make it executable: chmod a+x script-file