Operating System - HP-UX

Create a second root account on a system with a protected passwd auth database

 
Ulrich Tehrani
Advisor


Hello,

Can anybody confirm whether this is the right way to create an additional root login on a trusted system using the command line:
1.)
useradd -u 0 -g 3 -o -s /sbin/sh -d /root -c "Ulrich Tehrani" systest

Or must I use modprpw -A?

Or do I have to use modprpw?
2.)
modprpw -x
=> Get admin number
3.)
Log in with user systest and choose a new password


Thanks in advance


Uli
David Burgess
Esteemed Contributor

Re: Create a second root account on a system with a protected passwd auth database

Hi,

It looks like that will add a user. Set the password with passwd or use sam. Not to go on about security, but having 2 root accounts makes your system less secure, i.e. you now have 2 ways of getting top-level access and 2 passwords that can potentially be hacked. Why not use sudo or su to get this access? That way you can control what goes on a little better.

Regards,

Dave.
Victor BERRIDGE
Honored Contributor

Re: Create a second root account on a system with a protected passwd auth database

Hi,
Since you created the user systest, its auth file would be in /tcb/files/auth/s
I can't have a look at the moment, but to play it safe because of the format: after useradd, I would copy the one for root into this directory, rename it systest, and then change its password using passwd systest. Typing passwd only would change the one of root; remember this in the future when using this account...

All the best
Victor
Bill Hassell
Honored Contributor

Re: Create a second root account on a system with a protected passwd auth database

Generally, the need for a second root account is either for safety (in case root gets locked out) or to delegate responsibilities. In HP-UX, the root account may be locked out, but this lock has no effect when using the 'real' system console. And a second root account used for an alternate user can eventually lead to a big 'oops' when the other user forgets that they are always root and does some very serious damage to the system.

The best way is to use sudo, a free tool used to distribute sysadmin privileges. It can be used to limit the commands as well as the parameters allowed for special users. And it logs both failures and successes. A good use of sudo is for users that need to mount/umount a CD but cannot be allowed to unmount any other disk.


Bill Hassell, sysadmin
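
The replies above argue against a second UID 0 login such as the one `useradd -u 0 -o` creates. As an added example (not part of any post in this thread), the script below audits a passwd-format file for extra UID 0 accounts and for any other shared UID; the sample entries, including `oper1` and `oper2`, are constructed for illustration.

```shell
#!/bin/sh
# Added example: find logins that share a UID in passwd-format input.
# Both functions read the files given as arguments, or stdin when none are given.

# Constructed sample modelled on the thread: systest was added with -u 0 -o.
sample_passwd() {
cat <<'EOF'
# constructed sample, not a real system file
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
systest:*:0:3:Ulrich Tehrani:/root:/sbin/sh
oper1:*:101:20::/home/oper1:/usr/bin/sh
oper2:*:101:20::/home/oper2:/usr/bin/sh
truncated:line
EOF
}

# Print every login other than "root" whose UID is 0 (also matches "00").
extra_uid0() {
    awk -F: '$0 !~ /^#/ && NF >= 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$@"
}

# Print "uid:name1,name2,..." for every UID held by more than one login.
# Comment lines, short lines and non-numeric UID fields are skipped.
shared_uids() {
    awk -F: '$0 !~ /^#/ && NF >= 7 && $3 ~ /^[0-9]+$/ {
        uid = $3 + 0                      # normalise "00" and "0" to one key
        if (uid in names) names[uid] = names[uid] "," $1
        else              names[uid] = $1
        count[uid]++
    }
    END {
        for (u in count)
            if (count[u] > 1) print u ":" names[u]
    }' "$@" | sort -t: -k1,1n
}

# Demo on the constructed sample; pass /etc/passwd as the argument for a real audit.
echo "Extra UID 0 logins:"
sample_passwd | extra_uid0
echo "Shared UIDs:"
sample_passwd | shared_uids
```

Run from cron and compared against an approved list, any new output line is a change worth investigating.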