- Re: root user profile corrupted
01-03-2013 05:45 AM
Experts
$ grep root /etc/passwd
root:XXXXXXXX:0:3::u:/sbin/sh
root:XXXXXXXX:0:3::/:/sbin/sh
The home directory was /; instead of /, it was modified to u.
My doubt is: will any command override this, or did somebody edit the passwd file?
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
01-03-2013 06:21 AM
Re: root user profile corrupted
smh can be used to call the sam user tool, or usermod can be used to modify a user account. However, both of these should refuse to work on the root account. I would guess that somebody edited the passwd file. Make sure the file is owned root:sys and is set to 444 permissions. Check the shell history for root. Make sure only trained authorized administrators have access to the root password. Better yet, force the use of RBAC or sudo to perform administrative tasks.
01-03-2013 07:14 AM
Re: root user profile corrupted
Hi Ken,
Thanks for the mail.
How can I check the shell history for root?
Ajin.S
01-03-2013 07:42 AM
Re: root user profile corrupted
Normally it would be in the root home directory /.sh_history, if it was configured. If it wasn't configured, then you may not have one.
01-03-2013 07:43 AM
Re: root user profile corrupted
Check in root's home directory, / in this case, for a file like .sh_history or .history. The file can be viewed via 'cat' or 'more'.
01-04-2013 05:00 AM
Re: root user profile corrupted
Hi,
I checked the history file. I think it was not configured.
I understood that someone edited the password file, but only root can do this. I didn't find anyone doing su during that time period. Is there any other way to find who ran vi, such as vi logs or logs captured other than syslog, wtmp and the su log?
Ajin.S
01-04-2013 05:21 AM
Solution
Did you verify that /etc/passwd was owned root:sys and set to 444 mode? If permissions are not restricted, then others might be able to edit. There should be tight control of the root account. In some shops I've worked, only the security team had the password and even HP-UX Engineers had to use RBAC or sudo to do administrative tasks. At a minimum only one or two experienced administrators should have it and you should configure the shell history. The vi editor does not have a history or log function. I doubt that you can determine the offender at this time. Even with shell history and system auditing enabled, you might have a hard time determining who did it. If you force administrators to use RBAC and sudo to gain root privilege and add the base UID to the root .sh_history.$UID file, you might be able to see who had vi'ed the passwd file in the future.
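
The checks recommended in the replies above (passwd owned root:sys with mode 444) together with a sanity check of the root entry itself, as an added example that is not part of the original thread. It is a POSIX shell audit; the function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a passwd file for the problems
# discussed above. Function names are made up for this example.

# Print one finding per suspicious entry; print nothing when entries look sane.
audit_passwd_entries() {
    awk -F: '
        NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
        seen[$1]++ { printf "line %d: duplicate entry for %s\n", NR, $1 }
        $3 ~ /^0+$/ && $1 != "root" {
            printf "line %d: non-root account %s has UID 0\n", NR, $1
        }
        $1 == "root" {
            roots++
            if ($3 !~ /^0+$/) printf "line %d: root has UID %s\n", NR, $3
            if ($6 != "/") printf "line %d: root home is \"%s\", expected \"/\"\n", NR, $6
        }
        END { if (!roots) print "no root entry found" }
    ' "$1"
}

# Compare owner, group and mode with the values recommended in the replies
# (root:sys, 444). Optional arguments 2 and 3 override the expected owner/group.
audit_passwd_perms() {
    ls -l "$1" | awk -v o="${2:-root}" -v g="${3:-sys}" '{
        mode = substr($1, 1, 10)   # ignore any trailing ACL marker
        if (mode != "-r--r--r--") printf "mode is %s, expected -r--r--r-- (444)\n", mode
        if ($3 != o || $4 != g) printf "owner is %s:%s, expected %s:%s\n", $3, $4, o, g
    }'
}

# Run both checks; return 1 if anything was reported.
audit_passwd() {
    findings=$( { audit_passwd_entries "$1"; audit_passwd_perms "$1"; } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample built from the two root lines shown in the question.
sample=${TMPDIR:-/tmp}/passwd.sample.$$
printf '%s\n' 'root:XXXXXXXX:0:3::u:/sbin/sh' 'root:XXXXXXXX:0:3::/:/sbin/sh' \
    'daemon:*:1:5::/:/sbin/sh' > "$sample"
audit_passwd "$sample" || echo "passwd audit found problems"
rm -f "$sample"
```

Running `audit_passwd /etc/passwd` from cron and alerting on a non-zero exit status narrows the window in which an edit like the one in this thread goes unnoticed; it does not identify who made the edit.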