how to create a local user with "root" access

 
praveen..
Super Advisor

how to create a local user with "root" access

Hi,
I need to create a local user which has root access to run some root related commands like "powermt" etc.

please suggest how to create this user named "root_user"?
12 REPLIES 12
Robert-Jan Goossens_1
Honored Contributor

Re: how to create a local user with "root" access

Hi Praveen,

Best solution is to create a normal user and install/configure sudo to add some root privileges to this user.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Otherwise you could add a user with uid 0 but this is not advised.

Regards,
Robert-Jan
Kenan Erdey
Honored Contributor

Re: how to create a local user with "root" access

hi;

i think you asked a question before like this. weren't you able to get a result ?

1. download and install sudo first.
2. then add root_user.
3. run visudo.
4. if you want this user run all root commands.
add a line like:

root_user ALL = (ALL)NOPASSWD: ALL

or you can just write the command that he can run. (see other thread)

but he will still have path related problems. and he can't run commands. you can add the directories which contain executables to root_user's path.( in .profile file in his home directory)
like /usr/sbin and /sbin. or if executable is in another directory you must add it.

or he can run commands using the full path.

hope it helps.


Computers have lots of memory but no imagination
Pete Randall
Outstanding Contributor

Re: how to create a local user with "root" access

The other alternative is to grant restricted SAM access to this user in order to allow them to use SAM to accomplish certain root tasks.

See "sam -r".


Pete

Mridul Shrivastava
Honored Contributor

Re: how to create a local user with "root" access

Create a normal user named root_user and then edit the /etc/passwd file using vipw, then change the userid to 0 (same as root).
It'll create a user with root privileges.
Time has a wonderful way of weeding out the trivial
James R. Ferguson
Acclaimed Contributor
Solution

Re: how to create a local user with "root" access

Hi Praveen:

Do *not* create multiple uid=0 entries!

It matters not what you call the entity. A uid=0 confers superuser privilege.

However, should you (or someone else) ever do:

# find / -user root_user -exec rm -rf {} \;

...or anything like it, thinking that they will remove anything owned by 'root_user'...

...or simply use SAM to remove 'root_user' and toggle the option to remove the user's files...

*ALL* files owned by uid=0 will be removed. I hope at that point you have a viable Ignite image of your server.

As noted, use 'sudo' or Restricted SAM, or even write a setuid=root C-code wrapper for the commands that you need root privilege to execute.

Regards!

...JRF...
TKeller
Frequent Advisor

Re: how to create a local user with "root" access

As people have stated before, sudo is the better (and more secure) way of giving limited root access. I suggest going one step further and create a group as well as a command list. Example is below.

# /usr/sbin/visudo
User_Alias ROOT_USERS = root_user1

Cmnd_Alias SECURE = /sbin/powermt

ROOT_USERS ALL=SECURE

:wq!

The above will create a ROOT_USERS group that you can add or remove people from and gives them explicit access to the command alias group SECURE, which is one command. Password is asked every time, and hence, logged via syslog.

I do this on all of my machines if people need root access. If they need custom scripts, I also audit or write them myself.
It is said you should treat your body like a temple. I treat mine like an amusement park.
Rick Garland
Honored Contributor

Re: how to create a local user with "root" access

As mentioned, not a good idea to create another acct with UID=0.

Other options are 'sudo' (which is available from software.hp.com) and PowerBroker (a cost product)

These will allow specified users the ability to run commands as root.
praveen..
Super Advisor

Re: how to create a local user with "root" access

hi,
i have updated sudoers file using #visudo command and added these entries

#visudo
User_Alias ROOT_USERS = acxmrt
Cmnd_Alias SECURE = /sbin/powermt
ROOT_USERS ALL = SECURE
:wq!

now i am trying with "acxmrt" user to run the "$powermt save" command but it is giving this error:

$ /sbin/powermt save
sh: /sbin/powermt: Execute permission denied.

I have tried also in visudo with these options:
#visudo
acxmrt ALL = (ALL) NOPASSWD: ALL
#visudo
acxmrt ALL = (ALL) NOPASSWD: /sbin/powermt
#visudo
acxmrt ALL = (root) NOPASSWD: /sbin/powermt

but still i am not able to run "powermt save" command using my local user "acxmrt"

please suggest



rariasn
Honored Contributor

Re: how to create a local user with "root" access

Hi praveen,

# chown root /sbin/powermt
# chmod u+s,o+x /sbin/powermt
# ll /sbin/powermt

-r-sr-xr-x 1 root bin 561152 Nov 9 2004 /sbin/powermt

With one user (no root):

$ /sbin/powermt display
Symmetrix logical device count=180
CLARiiON logical device count=0
==============================================================================
----- Host Bus Adapters ---------  ------ I/O Paths -----  ------ Stats ------
###  HW Path                       Summary   Total   Dead  IO/Sec Q-IOs Errors
==============================================================================
  15 0/4/0/0.33.25.19.0            optimal       6      0       -     0      0
  17 0/2/0/0.33.25.19.0            optimal       6      0       -     0      0
  19 0/4/0/0.33.25.19.1            optimal      24      0       -     0      0
  20 0/2/0/0.33.25.19.1            optimal      24      0       -     0      0
  25 0/4/0/0.98.15.19.0            optimal     102      0       -     0      0
  26 0/2/0/0.98.15.19.0            optimal     102      0       -     0      0
  29 0/4/0/0.33.25.19.3            optimal      44      0       -     0      0


rgs,

ran
Patrick Wallek
Honored Contributor

Re: how to create a local user with "root" access

How is sudo supposed to help if you don't invoke it?

You must preface any command you want to run via sudo, with sudo. To run your powermt you must do:

$ sudo /sbin/powermt save
praveen..
Super Advisor

Re: how to create a local user with "root" access

Hi,
I have added these lines in sudoers files:

User_Alias FULLSUDO = sestj , serab, sebos, seglb, searj, semab, sejos, prkeg

FULLSUDO ALL=(root) NOPASSWD: ALL

please let me know are these users (sestj , serab, sebos, seglb, searj, semab, sejos, prkeg) able to run all the commands including #passwd command (to change the root password)

can they change the root password?

thanks
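
A command list of `ALL` run as root includes `passwd`, so every member of such an alias can reset the root password. The following added example (not part of the original thread) reports which users a sudoers file lets run any command, expanding `User_Alias` names; it assumes one entry per line, and its sample is assembled from the entries quoted in this thread:

```shell
#!/bin/sh
# Added example: report which users a sudoers file lets run ANY command.
# Assumes one entry per line (no "\" continuations, no "#include").

# unrestricted_sudo FILE -> "user nopasswd|passwd", one line per user whose
# rule has ALL in its command list; User_Alias names are expanded.
unrestricted_sudo() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 == "User_Alias" {                         # User_Alias NAME = a, b, c
        name = $2; sub(/=.*/, "", name)
        list = $0; sub(/^[^=]*=/, "", list); gsub(/[ \t]/, "", list)
        members[name] = list; next
    }
    $1 ~ /^(Cmnd_Alias|Host_Alias|Runas_Alias|Defaults)/ { next }
    {
        who = $1
        cmds = $0; sub(/^[^=]*=/, "", cmds)      # keep text after "host ="
        sub(/^[ \t]*\([^)]*\)/, "", cmds)        # drop the (runas) part
        tag = (cmds ~ /NOPASSWD[ \t]*:/) ? "nopasswd" : "passwd"
        gsub(/[A-Z_]+[ \t]*:/, "", cmds)         # drop tags like NOPASSWD:
        gsub(/[ \t]/, "", cmds)
        n = split(cmds, c, ","); all = 0
        for (i = 1; i <= n; i++) if (c[i] == "ALL") all = 1
        if (!all) next                           # restricted rule: skip
        m = split((who in members) ? members[who] : who, u, ",")
        for (i = 1; i <= m; i++) print u[i], tag
    }' "$1"
}

# Sample assembled from the entries quoted in this thread.
SUDOERS_SAMPLE="${TMPDIR:-/tmp}/sudoers.sample.$$"
trap 'rm -f "$SUDOERS_SAMPLE"' EXIT
cat > "$SUDOERS_SAMPLE" <<'EOF'
User_Alias ROOT_USERS = root_user1
Cmnd_Alias SECURE = /sbin/powermt
ROOT_USERS ALL=SECURE
User_Alias FULLSUDO = sestj , serab, sebos, seglb, searj, semab, sejos, prkeg
FULLSUDO ALL=(root) NOPASSWD: ALL
EOF

unrestricted_sudo "$SUDOERS_SAMPLE"
```

The `ROOT_USERS` rule limited to the `SECURE` alias does not appear in the output; all eight `FULLSUDO` members do, each marked `nopasswd`.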

praveen..
Super Advisor

Re: how to create a local user with "root" access

Hi,
I have added these lines in sudoers files:

User_Alias FULLSUDO = sestj , serab, sebos, seglb, searj, semab, sejos, prkeg

FULLSUDO ALL=(root) NOPASSWD: ALL



thanks