Re: Create Many admins that have Root Capabilities

morganelan · ‎11-16-2005

Hi Unix Gurus,
What is the best practice to create many admins that have root capabilities on trusted system HPUX 11.11?Such as admin1, admin2, admin3, etc.How to trace what those admins do on the system?Thanks in advance.

Kamal Mirdad

Rainer von Bongartz · ‎11-16-2005

>> What is the best practice to create many admins that have root capabilities

Best practice is NOT to do it !!!

If really wanted, create thos accounts all with UID=0

Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...

Muthukumar_5 · ‎11-16-2005

You can create with using uid of 0 or changing attribute setting with sam -r.

To trace their activities then,

1) HISTORY file enablement:
2) $HOME/.profile start script to audit their activities in the shell with time.

hth.

Easy to suggest when don't know about the problem!

MarkSyder · ‎11-16-2005

I would suggest the best way is to use sudo.

Give them access to the commands you want them to have access to (making sure you don't give them the option to switch user to root). sudo keeps its own activity log.

Mark Syder (like the drink but spelt different)

The triumph of evil requires only that good men do nothing

Steven E. Protter · ‎11-16-2005

Much better not to do.

Many shops including mine have admin1 etc.

We set them up as normal user id's use passwd to change the password and then change the user id to zero (0).

We limit this to certified, qualified Systems Administrators(There are three of us).

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

morganelan · ‎11-17-2005

Thanks ...

Kamal Mirdad

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Create Many admins that have Root Capabilities

Create Many admins that have Root Capabilities