HPE Community
Operating System - HP-UX
1834872 Members
2160 Online
110070 Solutions
New Discussion

Re: Help!!!

 
sam_193
Frequent Advisor

‎05-06-2007 09:43 PM

‎05-06-2007 09:43 PM

Help!!!

Can some one in the team tell me how can I rename root account from HP-UX box? Is it advisable to change the root password? if not what is the reason? if yes let me know the step by step proceedure to change the root account name. I tried by chaning the name in /etc/password file, but after reboot it went to single user mode.. Any help will be appreciated..

Thanks,
SAM
0 Kudos
Reply
16 REPLIES 16
Apai
Occasional Advisor

‎05-06-2007 09:49 PM

‎05-06-2007 09:49 PM

Re: Help!!!

Hi sam

It is crucial to change the root password to a strong password and it is important for you to remember the password.

1. Using root, type passwd root
and key-in new password.

Do you mean to change "root" to something else ?
0 Kudos
Reply
V. Nyga
Honored Contributor

‎05-06-2007 09:53 PM

‎05-06-2007 09:53 PM

Re: Help!!!

Hi,

'root' is the admin in UX, so you shouldn't change it (why would you do this?).

Of course should you change the 'root-password' to something unique, if you are the only admin.

To change the root password login as root and use the command 'passwd', then you 'll be asked for the new password.

Now, you have to edit /etc/password file in single user mode and change back to 'root'.

Volkmar
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
sam_193
Frequent Advisor

‎05-06-2007 10:02 PM

‎05-06-2007 10:02 PM

Re: Help!!!

Thank you for your time!! I am looking for changing the root account name not the password. Please advice .

Thanks anyways,
SAM
0 Kudos
Reply
Rasheed Tamton
Honored Contributor

‎05-06-2007 10:07 PM

‎05-06-2007 10:07 PM

Re: Help!!!

grep root /etc/passwd
root will have gid 0

you can duplicate root account with another name with gid 0 and this new user will be same as root

It is always adivsable to change the root passwd on a routine basis for security reasons but you must always remember it


On single user mode, use vi (vi /etc/passwd) then remove the second field (passwd field) for the root user to null. Each field is separated by a column (:) This means root will have no passwd

root::0:3::/:/sbin/sh
0 Kudos
Reply
V. Nyga
Honored Contributor

‎05-06-2007 10:16 PM

‎05-06-2007 10:16 PM

Re: Help!!!

'Please advice'?

What do you need?

In single user mode you have to edit /etc/password file again and change the login name back to 'root'.
Then reboot and change passwd.

Volkmar
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
sam_193
Frequent Advisor

‎05-06-2007 10:24 PM

‎05-06-2007 10:24 PM

Re: Help!!!

I need to change my root account name to some other name. Thats all my need.. can you??

Thanks,
SAM
0 Kudos
Reply
sam_193
Frequent Advisor

‎05-06-2007 10:29 PM

‎05-06-2007 10:29 PM

Re: Help!!!

I need to change my root account name to some other name. Thats all my need.. Could you help me for that???

Thanks,
Mubeer
0 Kudos
Reply
V. Nyga
Honored Contributor

‎05-06-2007 11:07 PM

‎05-06-2007 11:07 PM

Re: Help!!!

Hi again,

I think your test has shown, that you can't and shouldn't change 'root' name.
After changing back everything you could try to do it with SAM, but I don't believe that it will work.

Maybe an 'olympian' or another guru will look into this thread and give you assurance, but a better titel for this thread than 'Help!!' would be more helpful for such a strange question.

Till now I've never tried nor read about it, to change the name of 'root'. And I can't imagine, why one would like to do it ....

As mentioned above you can create another user with the same privileges as 'root', but this is also not an advising tipp of the past, nor that it makes your ws more secure.

HTH
V.
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
Rasheed Tamton
Honored Contributor

‎05-06-2007 11:13 PM

‎05-06-2007 11:13 PM

Re: Help!!!

I think you are trying to apply the windows methods on unix (renaming administrator account to something not familiar). I have not tested the implications of changing the root user name to another name.

So it is up to you to take the risk. If you have a test server to play with you can try it.
This is how you can do it:

vi /etc/passwd
and change the root portion to some thing you need as below:

root::0:3::/:/sbin/sh
to
sysadm::0:3::/:/sbin/sh

On unix system there are a lot of files which owned by the user root and by changing the user name you will be having some problems.

Do not do it on a production server unless you are sure about what you are doing.

regards.
0 Kudos
Reply
V. Nyga
Honored Contributor

‎05-06-2007 11:34 PM

‎05-06-2007 11:34 PM

Re: Help!!!

Hi,

an add to Rasheed's answer:
Users in UX have an unique UID, and UID=0 is called 'root'. Normally you can change the name, because all files and dirs are directed to the UID not the user name.
But there are also some files like /var/spool/cron/crontabs/root who are assigned to the user name. So this could be the problem ...

Volkmar
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
sam_193
Frequent Advisor

‎05-06-2007 11:45 PM

‎05-06-2007 11:45 PM

Re: Help!!!

Thanks for the advices...
I tried the command and changed the user name. problem is after reboot it is directly going to single user mode.. I need to change the /etc/password file entry back to root to make the system up. Is this behaviour expected after renaming the root account in HP-UX?

Thanks,
SAM
0 Kudos
Reply
V. Nyga
Honored Contributor

‎05-06-2007 11:57 PM

‎05-06-2007 11:57 PM

Re: Help!!!

P.S.
I hope you haven't tried a name that was too long ... have you tried a short name for the begining?
*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
sam_193
Frequent Advisor

‎05-07-2007 12:09 AM

‎05-07-2007 12:09 AM

Re: Help!!!

I tried with shortname only.. root123 is my new name..

Thanks,
SAM
0 Kudos
Reply
drb_1
Occasional Advisor

‎05-07-2007 03:33 AM

‎05-07-2007 03:33 AM

Re: Help!!!

As indicated by others:
o file/process ownership is by uid
o uid is an integer
o uid !0 can change the permissions only of
files/processes it owns
o uid 0 can change the permissions of any
files/processes
o /etc/passwd maps between uid and loginname
o some tools use loginname (ssh, cron, ...)

For example, ssh will not normally allow
remote login as root.
Many boot processes reference their assets
by "root" loginname, and they are thereafter
inaccessible except by root.

If you remove "root" from /etc/passwd,
you will lose these isolation protections.

Consequently, you should not remove "root",
nor change its uid from 0.



After considering the security tradeoffs,
you may consider adding other offices
with uid 0.
Among security considerations, you should consider excluding these offices from remote login, and limitting their use to
sudo without login.
If your intent is to remove the threat of
remote root access (e.g. rootkit attack)
by renaming "root", you should realize that
"security by obscurity is seldom obscure
and never secure.



If you have already removed "root" from
/etc/passwd, you should be able to boot
the system in single-user mode (run level 1)
and use emacs /etc/passwd (or your
favorite editor) to restore root to
/etc/passwd.


If you cannot perform the above, you can
physically remove the hard disk, insert
it into another host, mount the disk (not
as /) and edit the .../etc/passwd file.

Hopefully helpful,
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎05-07-2007 06:25 AM

‎05-07-2007 06:25 AM

Re: Help!!!

Hi,

your system needs a "root" like a tree does ;-)

You have already seen what happens without "root".

What you want to achieve by renaming root?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
MarkSyder
Honored Contributor

‎05-07-2007 08:04 PM

‎05-07-2007 08:04 PM

Re: Help!!!

Just in case the message has not got through, DO NOT rename root! Lots of software relies on root's existence and, as you have already found to your cost, the system will not boot if root does not exist.

Almost as important: DO NOT create another user with UID 0. One day an inexperienced sys admin will come along and decide that user is surplus to requirements. He will then remove the user and all files belonging to it. This process works by UID, not user name. Removing all files that belong to UID 0 will leave you without a system.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.