HPE Community
Operating System - HP-UX
1836627 Members
1971 Online
110102 Solutions
New Discussion

Re: Changing Root Password

 
SOLVED
Go to solution
CCP_LAB Admin
New Member

‎03-01-2001 11:35 AM

‎03-01-2001 11:35 AM

Changing Root Password

In HP systems To My Knowledge it's easy to change the root password if you know how to go to single user mode.We are handling
multiple Tier3,2,1 Machines/Workstation. So If any user know how to
go to Single user mode can change the root password,I feel this as less system security. Is there any way to avoid this?

I Know in Sun No User can change the Password Until he Mount the
root File System,Please Suggest any Solutions.

Thanks in Advance.
Try,Try,Try Again ..
0 Kudos
Reply
10 REPLIES 10
Rick Garland
Honored Contributor

‎03-01-2001 11:39 AM

‎03-01-2001 11:39 AM

Re: Changing Root Password

The root passwd can be changed while in multi-user mode as well.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎03-01-2001 11:56 AM

‎03-01-2001 11:56 AM

Re: Changing Root Password

It is only insecure if you have a lot of people that know the root password and/or have permission to execute the shutdown command. The file /etc/shutdown.allow allows you to control who can and can't execute the shutdown command. If you set up the shutdown.allow so that only root can shutdown the machine and don't give out the root password, then I think you are OK.

0 Kudos
Reply
Brian Taylor
Advisor

‎03-01-2001 11:57 AM

‎03-01-2001 11:57 AM

Re: Changing Root Password

Dropping a machine into single user mode is not something a regular user should be able to. Who has the ability to reboot/shutdown the machine?
0 Kudos
Reply
CCP_LAB Admin
New Member

‎03-01-2001 12:22 PM

‎03-01-2001 12:22 PM

Re: Changing Root Password

Thankyou for your replies.I'm Sorry I didn't mention the question clearly. What I mean exactly is Not By regular Shutdown or in multiuser level, If a user hit the Power Button and after that when
he hits the esc key and type relevant key he can change the passwd
in his workstation.

I would like to avoid it. Is there a way?
Try,Try,Try Again ..
0 Kudos
Reply
Joseph C. Denman
Honored Contributor

‎03-01-2001 01:12 PM

‎03-01-2001 01:12 PM

Re: Changing Root Password

Change your system security policies to require a password into single user mode?

***warning*** This makes it a bit tricky if password is forgotton!!!
If I had only read the instructions first??
0 Kudos
Reply
Bruce Regittko_1
Esteemed Contributor

‎03-01-2001 06:55 PM

‎03-01-2001 06:55 PM

Re: Changing Root Password

Hi,

You can convert your system to a trusted system. Then it will prompt you for a password before booting to run level s. Be advised that a trusted system comes with some overhead. Investigate whether or not it is right for your system before converting.

On another note, if you have rather lax physical security on your server, then yes, anyone can push the power switch and reboot your machine. However, even a trusted system is not secure since the machine can be booted off of a cdrom with a recovery shell. From the recovery shell, one can mount the root filesystem and change/clear the root password.

--Bruce
www.stratech.com/training
0 Kudos
Reply
CCP_LAB Admin
New Member

‎03-02-2001 06:57 AM

‎03-02-2001 06:57 AM

Re: Changing Root Password

Thanks for the suggestion.
We are running NIS in 10.20 so we can't Change our System to
Trusted System. Please Advice Me Wether I can Set the Password
to go to Single user Mode.

Thanks in Advance.
Try,Try,Try Again ..
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎03-02-2001 07:28 AM

‎03-02-2001 07:28 AM

Solution

Re: Changing Root Password

Since you are running NIS and can't convert to a trusted system, you are, unfortunately, out of luck.

Here is an excerpt from this document on the ITRC:
http://us-support2.external.hp.com/cki/bin/doc.pl/sid=dd1dcf7d065a6cb090/screen=ckiDisplayDocument?docId=200000048456189


PROBLEM
How can HP-UX be configured so that it requires a root password when booting into single-user mode?

RESOLUTION

The only way to require a login when booting into single-user mode is to set the boot_authentication flag on a trusted system. If the system is not trusted, this option is not available.
Reply
Bill Hassell
Honored Contributor

‎03-02-2001 07:30 PM

‎03-02-2001 07:30 PM

Re: Changing Root Password

You can add a password request into /etc/profile. Check that /etc/profile is running in single user mode (hint: /sbin/who -r or getrunlvl -r). Due to a bug in who -r, it sometimes reports run level 3 in single user mode. In that case, just test that /usr is not mounted which means single user mode. You might try coding the tests into an executable so knowledgeable users won't be able to read the steps in /etc/profile.


Bill Hassell, sysadmin
0 Kudos
Reply
CCP_LAB Admin
New Member

‎03-06-2001 09:20 AM

‎03-06-2001 09:20 AM

Re: Changing Root Password

Thankyou Very Much for all of you.
I got the Answer from Patrick and as well as from Bill.
Try,Try,Try Again ..
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.