- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Change owner to few user ids
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2009 04:54 AM
тАО01-17-2009 04:54 AM
Re: Change owner to few user ids
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2009 04:51 PM
тАО01-17-2009 04:51 PM
Re: Change owner to few user ids
While there is no perfect answer, the easiest answer is that any userID that does not have a user name that is a known employee would fall into this class. So here are 'standard' owner-less logins:
lp
daemon
bin
sys
uucp
www
and so on. Now you have to defend the existence of these owner-less userIDs. That's easy: every Unix system requires administration IDs such as lp. If the userID is removed then a subsystem may break. If the auditor wants an owner for these administrative IDs, then tell them they are managed by the system administrators.
Now removing former employee logins or temporary logins requires a company policy. It is certainly possible that removing a userID and all the files they owned could have serious results -- most high security companies require that no account or user files be removed. Instead, all automated tools and scripts must be examined for validity or disabled.
> 2) Assign owners to these userids
Assign the root sysadmins to the accounts. But this is nothing but paperwork. The auditors are focusing on logins, not functionality.
> 3) Extract a recent report of user ids that have UID of 0
> 4) Ensure that only Root has a UID of 0.
Actually, both requirements can be met with one command:
logins -d
This should be a cron job for any secure system. What logins -d produces is a list of any UID that appears more than once, or nothing when there are no duplicate user IDs. This is regardless of whether they are UID 0 or some other UID. You don't want any duplicate UIDs. Many admins will create backdoors with a special login with UID 0. But this is exactly what a hacker would want and the point behind the auditor requirement. This poor technique is eliminated with tools such as sudo.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2009 07:28 PM
тАО01-17-2009 07:28 PM
Re: Change owner to few user ids
> I got root access...
@Dennis, Bill et al. I seriously think that even attempting to help in this situation is the wrong thing to do. There is a disaster about to occur. The best thing to do here for the original poster is to walk away from this job. I do realize that there are other factors that play here, job availability, desparation, outsourcing. And that there are many, many other postings with similar scenarios.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2009 08:41 AM
тАО01-18-2009 08:41 AM
Re: Change owner to few user ids
Unlike windows, the file types / extensions are, by and large, meaningless in unix. compilers use them to determine flavors of fortran (77/90), c (or c++). they can be useful for humans however, for example .awk might be an awk script, .pl for perl etc.
to be honest, it sounds like you are way in over your head here..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2009 01:46 AM
тАО01-19-2009 01:46 AM
Re: Change owner to few user ids
{
# print $1, $3, $5
if ($1 == "+") next
if ($5 == "") {
print "No user name for", $1
}
if ($3 == 0) {
print "superuser", $1, $5
if ($1 != "root") {
print "superuser but not root:", $1, $5, "<******"
}
}
}' /etc/passwd
These are still turning around in my mind:
1)with what file name should i save the above code
2)under which directory folders should i save this.
3)how to run the above code please mention and reply me urgently
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2009 01:51 AM
тАО01-19-2009 01:51 AM
Re: Change owner to few user ids
#chown username:group file/dir
#chown -R username:group dir
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2009 01:54 AM
тАО01-19-2009 01:54 AM
Re: Change owner to few user ids
awk -F: '
{
# print $1, $3, $5
if ($1 == "+") next
if ($5 == "") {
print "No user name for", $1
}
if ($3 == 0) {
print "superuser", $1, $5
if ($1 != "root") {
print "superuser but not root:", $1, $5, "<******"
}
}
}' /etc/passwd
These are still turning around in my mind:
1)with what file name should i save the above code
2)under which directory folders should i save this.
3)how to run the above code please mention and reply me urgently
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-19-2009 04:21 AM
тАО01-19-2009 04:21 AM
Re: Change owner to few user ids
Whatever you want. It is a shell script fragment. You can use ksh, sh or even scummy C shell. It just has to be executable. Or you can enter it directly into your shell.
>2)under which directory should I save this?
Whatever you want.
>3)how to run the above code?
It is a multi-line shell command.
You can also change it into awk command file as in your other thread:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1305681
If our answers were helpful, please read the following about how to assign points:
http://forums.itrc.hp.com/service/forums/helptips.do?#33
- Tags:
- scummy C shell
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-12-2009 05:02 AM
тАО02-12-2009 05:02 AM
Re: Change owner to few user ids
- « Previous
- Next »