HPE Community
Operating System - HP-UX
1833878 Members
1822 Online
110063 Solutions
New Discussion

Re: Granting Permission

 
SOLVED
Go to solution
Mohammad Sanaullah
Frequent Advisor

‎06-25-2007 10:25 PM

‎06-25-2007 10:25 PM

Granting Permission

Dear All!
I want to give a user the full authorisation as root but i dont want to give him the root password, so as user can create user, modify user, make shutdown etc Hence is there any way to give user full authirisation on his own userID and Password. after this authorisation can user change the roots Password too.
Please help me out.
Thanks in Advance
Points after Answer.....
Alive
0 Kudos
Reply
12 REPLIES 12
BrianDoyle
Trusted Contributor

‎06-25-2007 10:37 PM

‎06-25-2007 10:37 PM

Re: Granting Permission

Hi,

Assigning sudo access and rsh are two options for restricting access.
Check out:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1065666

B
0 Kudos
Reply
Mohammad Sanaullah
Frequent Advisor

‎06-25-2007 10:49 PM

‎06-25-2007 10:49 PM

Re: Granting Permission


hi Briano, most probably i have not present my aspect fully, dear i dont want to grant limited access to the user i want to provide full authorisation but user should login as normal user ID but can do all activity like root. (e.g:- useradd, userdel, shutdown, backup, ............................. all).
Alive
0 Kudos
Reply
Fat Scrape
Honored Contributor

‎06-25-2007 10:50 PM

‎06-25-2007 10:50 PM

Re: Granting Permission

Hi,

you can install sudo application.

Sudo is a program designed to allow a sysadmin to give limited root privileges
to users and log root activity. The basic philosophy is to give as few
privileges as possible but still allow people to get their work done.

Download it from HP pporting and archiving center:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Regards,
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎06-25-2007 10:51 PM

‎06-25-2007 10:51 PM

Re: Granting Permission

I'm not quite sure how "rsh" would help. Maybe you're thinking of restricted sam: "sam -r". You could set up a restricted sam user with access to the user utilities and then use the /etc/shutdown.allow file to give them access to shutdown.


Pete

Pete
0 Kudos
Reply
BrianDoyle
Trusted Contributor

‎06-26-2007 12:38 AM

‎06-26-2007 12:38 AM

Re: Granting Permission

Hi guys,
sorry, just to clarify what i said earlier: by rsh i meant restricted shell.
http://newfdawg.com/SHP-RestShell.htm

But sudo or restricted SAM are better options Mohammad.
thanks
B
(no points for this pls)
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎06-26-2007 01:15 AM

‎06-26-2007 01:15 AM

Re: Granting Permission

Well, there is a way you could do this, but it is considered a **BIG** security breach. I would not recommend it, and any security auditor would not like it all.

The way to make a user equivalent to root is to create the user as you normally would, but assign this user a UID number of 0 (zero). The UID 0 means 'root'.

Again, I don't recommend this as it is NOT good security, but it would work.
0 Kudos
Reply
Basheer_2
Trusted Contributor

‎06-26-2007 01:24 AM

‎06-26-2007 01:24 AM

Solution

Re: Granting Permission

Mohammed,

There are 3 ways to do this.
1) sudo - as others have suggested
2) Create a Restricted SAM user. You can then give that user permissions to control for ex: 1) create/delete/modify users 2) create/delete/modify printers etc..

3) Create a user rootUSERA and make it UID=0

we use sudo and option #3 for sox auditing
Reply
Fat Scrape
Honored Contributor

‎06-26-2007 01:49 AM

‎06-26-2007 01:49 AM

Re: Granting Permission

Hi,

I think that sudo is the best way to grant some sysadmin permission to normal user and this is approved by security auditor too.

Regards,

Fat

0 Kudos
Reply
Mohammad Sanaullah
Frequent Advisor

‎06-26-2007 05:13 PM

‎06-26-2007 05:13 PM

Re: Granting Permission

Dear All, who have helped me to resolve my problem specially Basheer, Patrick Wallek, Fat scrape. I got the idea how to do it but if some one could answer me the exact command for making the User with roots ID, for full Authorisation, is it safe when real user too logged in the same time (will there be any conflict).

bye
Alive
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎06-26-2007 05:37 PM

‎06-26-2007 05:37 PM

Re: Granting Permission

>exact command for making the User with roots ID, for full Authorisation,

If you want to do 3), it is real easy:
>3) Create a user rootUSERA and make it UID=0

As root, do vipw:
root:XXXXXXXX:0:3:root,location,phone:/roothome:/sbin/sh

Copy the root line, change user ID field, copy the password field from some other user. Change name, location and phone field. If you want another home directory, you can change that too. You would have to create that home directory manually. Or use sam then remove user without removing the files. Then chown -R root:sys /otherroot_home
And make sure chmod is proper on those files.

You could also change the shell.

Make sure you do NOT use sam to remove this new root user! Just use vipw.

>is it safe when real user too logged in the same time (will there be any conflict).

It depends. If you have a different home directory the two users won't interfere.

>I want to give a user the full authorisation as root but i dont want to give him the root password,

Of course once you do this, he can change the root password too. And put it back. He just won't know it.
Reply
ln_unix
Frequent Advisor

‎06-26-2007 10:21 PM

‎06-26-2007 10:21 PM

Re: Granting Permission

Hi sana,

Just go for sudo installation,that is very easy process.I'll send u the entire procedure in your mailbox.ok.bye.

Regards,

Lokesh Nagpal....
0 Kudos
Reply
ln_unix
Frequent Advisor

‎06-26-2007 10:23 PM

‎06-26-2007 10:23 PM

Re: Granting Permission

Hi Sana,

Just go for SUDO installation..i'll send you the entire procedure by mail...ok...bye..

Regards,

Lokesh Nagpal....
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.