Operating System - HP-UX

creating the user with the uid '0'

 
Dennis Handly
Acclaimed Contributor

Re: creating the user with the uid '0'

>for giving the root permission to the some users

As others have mentioned, this is not a good idea security-wise.

But if you really really want it, you can use vipw(1m) to add them. And use vipw to remove them.
Javed Khan_1
Valued Contributor

Re: creating the user with the uid '0'

Hi,

Any user with uid 0 is superuser.

just add -o (Allow the UID to be non-unique) along with useradd and uid 0.

However, a better option is to install sudo; this will also allow you to assign users to execute limited commands by root users.

Javed
Never Give Up
OldSchool
Honored Contributor

Re: creating the user with the uid '0'

I'd suggest you search the forums for "uid 0" as noted above to find the reasons why this is a *very* bad idea... including the possibility of rendering your system unusable.

If you've made them UID = 0, you might as well give them the root password, as that's probably safer.

You should consider using su or sudo or PowerBroker or ???

If you're subject to security audits, or things such as SOX or PCI requirements, you'll get clobbered if they find this.
James R. Ferguson
Acclaimed Contributor

Re: creating the user with the uid '0'

Hi:

To underscore OldSchool's sage advice I would urge you to read this thread to understand one "nightmare":

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1309715

Simply because you _can_ do something doesn't mean that you _should_. Don't replicate uid=0.

Regards!

...JRF...
Doug Burton
Respected Contributor

Re: creating the user with the uid '0'

I have to agree with everyone else here. Install/config SUDO or give the "users" the root password (I cringe when I type that).

You don't talk about why the users need root. Maybe they really need it; however, I have found that people that NEED root to do their job are not doing it well, correctly, whatever way you like to say it.

Perhaps SUID needs to be set on the file(s) they are using?

In any case it would be nice to know why they need root.
Patrick Wallek
Honored Contributor

Re: creating the user with the uid '0'

>>>In any case it would be nice to know why they need root.

Probably more like: In any case it would be nice to know why they **THINK** they need root.

The other way to look at this is if you give out the root password, or create multiple UID 0 accounts, guess where the fingers will point **WHEN** something catastrophic happens.

With multiple UID 0 accounts it is not a matter of **IF** something bad will happen, but **WHEN** something bad will happen.

If your users are anything like some users I have dealt with, they will NOT take responsibility for doing something stupid that crashes the system. "No, it couldn't have been ME!!" will be heard a LOT! Then the fingers will start pointing, and ultimately the blame will fall to you since you are the system administrator.

Is that what you want to happen? I doubt it!

You need to find out what the users **REALLY** need and then use something like sudo to fulfill that need.
Bill Hassell
Honored Contributor

Re: creating the user with the uid '0'

> Root is also the user owning the uid '0'.

Actually, root (and any other user id like bill or jimmy) does not 'own' a uid. User names are only for humans because numbers are hard to remember. The user name you see for uid 0 is the first match in the passwd file. If you put bill (with uid 0) first, then all uid 0 files would appear to be owned by bill. But really, they have an ownership of 0 and that is all.

As has been mentioned, multiple uid 0 users is a very, very bad idea. Not only does it compromise security, but you are giving possibly untrained users the ability to completely destroy your system with one command. And someday, you or one of your uid 0 users may want to remove files owned by bill or owned by jimmy and you end up removing every file owned by uid 0 -- thus destroying your system.

Use this command to see how many uid numbers have been compromised:

logins -d

For safety and security, there should be no output from this command.


Bill Hassell, sysadmin
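
An added example, not part of the post above or of any HP-UX tool: POSIX shell functions that run the same kind of duplicate-UID check as `logins -d` against any passwd-format file and also report which login is the first match for a shared UID. The function names dup_uids and uid0_logins are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# Added example. Function names and sample entries are constructed for illustration.

# dup_uids [FILE]: for every UID used by more than one login, print
#   uid:first_match:other,logins
# first_match is the name that tools display as the owner for that UID.
dup_uids() {
    awk -F: '
        $3 !~ /^[0-9]+$/ { next }            # skip comments and malformed lines
        {
            uid = $3 + 0                      # treat 0 and 00 as the same UID
            if (!(uid in first)) { first[uid] = $1; order[++n] = uid; next }
            rest[uid] = (rest[uid] == "" ? "" : rest[uid] ",") $1
        }
        END {
            for (i = 1; i <= n; i++) {
                uid = order[i]
                if (rest[uid] != "") print uid ":" first[uid] ":" rest[uid]
            }
        }' "${1:-/etc/passwd}"
}

# uid0_logins [FILE]: every login other than root that has UID 0.
uid0_logins() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Constructed sample: bill is listed before root, jimmy after.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
bill:*:0:3::/home/bill:/sbin/sh
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
jimmy:*:0:3::/home/jimmy:/sbin/sh
ann:*:101:20::/home/ann:/usr/bin/sh
EOF

dup_uids "$SAMPLE"       # shared UIDs; a clean file prints nothing
uid0_logins "$SAMPLE"    # superuser logins other than root
```

Called with no argument, both functions read /etc/passwd; any output is a finding to feed into an audit or monitoring job.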
Dennis Handly
Acclaimed Contributor

Re: creating the user with the uid '0'

>Bill: may want to remove files owned by bill or owned by jimmy and you end up removing every file owned by uid 0

Using vipw(1m) to remove the user wouldn't have that problem.