HPE Community
Operating System - HP-UX
1821204 Members
3452 Online
109631 Solutions
New Discussion юеВ

Re: Create new user with root privileges

 
SOLVED
Go to solution
maxell_1
Frequent Advisor

тАО08-11-2008 08:49 AM

тАО08-11-2008 08:49 AM

Create new user with root privileges

Hi Guys,

I do not wish to use the default root user due to security reasons and thus trying to create a new user with root privileges to do my admin tasks.

What is the appropriate useradd command options to use in order to do this. The username I wish to use is "admin".

Thanks
0 Kudos
Reply
11 REPLIES 11
candlejack
Advisor

тАО08-11-2008 08:54 AM

тАО08-11-2008 08:54 AM

Re: Create new user with root privileges

Hi,

There's really no such thing as "root privileges," but you can obtain what you are looking for mostly by assigning many secondary groups to your "admin" user.
"The future starts today, not tomorrow." -Pope John Paul II
0 Kudos
Reply
Court Campbell
Honored Contributor

тАО08-11-2008 08:57 AM

тАО08-11-2008 08:57 AM

Re: Create new user with root privileges

Implement sudo.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО08-11-2008 08:58 AM

тАО08-11-2008 08:58 AM

Re: Create new user with root privileges

>>I do not wish to use the default root user due to security reasons and thus trying to create a new user with root privileges to do my admin tasks

If you create another user with root privelages it negates any security concerns because that user can then do anything that root can do...

If you wish to only give "some" privelages to another user then either sudo or restricted SAM is the way to go.

Again, if you wish to create another username with complete "root" privs then you might as well just give them the root password.

0 Kudos
Reply
maxell_1
Frequent Advisor

тАО08-11-2008 08:59 AM

тАО08-11-2008 08:59 AM

Re: Create new user with root privileges

Not really totally becoming root actually.

Rather my intention is to allow this new user to be able to perform tasks and execute commands pertaining to Network configuration and troubleshooting, DNS configuration, Backup as well as NFS.

Do i really need to assign this new user a user ID of 0?
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО08-11-2008 09:10 AM

тАО08-11-2008 09:10 AM

Solution

Re: Create new user with root privileges

Hi:

The 'root' user is *any* user with a uid=0.

Do *not* have multiple user accounts with uid=0. Not only is this a great security risk, but it is dangerous for the following reason:

# find / -user someuser -exec rm -rf {} \+

...you *thought* you were cleaning up "someuser" but when its uid=0, you just removed 'root's files and directories!

Using 'sudo' is the most appropriate, safe way to do what you want.

Regards!

...JRF...
Reply
Court Campbell
Honored Contributor

тАО08-11-2008 09:11 AM

тАО08-11-2008 09:11 AM

Re: Create new user with root privileges

No, install sudo.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
maxell_1
Frequent Advisor

тАО08-11-2008 04:20 PM

тАО08-11-2008 04:20 PM

Re: Create new user with root privileges

Alright, I will try to use sudo. Thanks everybody for your valuable advice :)
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО08-11-2008 05:19 PM

тАО08-11-2008 05:19 PM

Re: Create new user with root privileges

Shalom,

sudo is available from http://software.hp.com as part of Internet Express.

Search for it and you can choose to download sudo alone.

This will include all dependencies which the version from the Porting and Archive Center make you do for yourself.

sudo is the way to go.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Safarali
Valued Contributor

тАО08-11-2008 07:55 PM

тАО08-11-2008 07:55 PM

Re: Create new user with root privileges

Hi Samuel sudo is the best practise you can monitor the activities if you are only want cetrain task then better to go restricted sam builder so user can only do the certain task


Regards
Safar
0 Kudos
Reply
Asif Sharif
Honored Contributor

тАО08-11-2008 08:36 PM

тАО08-11-2008 08:36 PM

Re: Create new user with root privileges

Good day smauel,

HP-UX RBAC is an alternative to the traditional "all-or-nothing" root user model, which grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate authorizations and assigning them to non-root users and groups.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=A
ccessControl

http://docs.hp.com/en/5992-2395/ch05s05.html

Regards,
Asif Sharif
Regards,
Asif Sharif
0 Kudos
Reply
Court Campbell
Honored Contributor

тАО08-12-2008 09:45 AM

тАО08-12-2008 09:45 AM

Re: Create new user with root privileges

I was going to mention rbac as HP doesn't support sudo, but rbac is a pain to setup and make changes to IMO. Sudo is a lot easier to implement.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.