Re: how to create one user account which previlege the same as root

Eric Unix · ‎07-30-2008

Dear Sirs

How to create one user account which previlege the same as root in HP 11i.
Thanks a lot.

Best Regards
Eric

Look forward

Anshumali · ‎07-30-2008

1. Use sudo....man sudo for more details.
This way functionalities can be restricted and you can allocate the access properly. check these threads as well.
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1187611
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1187025

2. If thats 11.11, you may also consider using sam -r, if your task can be performed using sam.
3. I would never suggest creating a uid 0 user, not advisable.

Anshu

Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!

Patrick Wallek · ‎07-30-2008

Easy -- Don't!

What gives the root user it's root capabilities is its UID of 0. You can create another user and give it a UID of 0, but this is considered to be a very serious security issue.

The better way is to just create a normal user, and then install and configure sudo and grant that user access to what (s)he needs via sudo.

Another option, depending on your 11i version (1, 2 or 3) is to use HP's RBAC (Role Based Access Control) software. RBAC is available from here:

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=AccessControl

Deepak Kr · ‎07-30-2008

Speically if you are running oracle Database product you may have issues if system contains two users with ID 0 like root user.

So better way keeping security in mind try using SUDO.

"There is always some scope for improvement"

Dennis Handly · ‎07-30-2008

You simply use vipw(1m) to clone the root entry and then change the name.
There are other threads that say this isn't a good idea:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1186128

Tingli · ‎07-31-2008

Create a wheel group and using sudo to give it the root privilage. See sudo man page.

The User specification is the part that actually determines who may run what.

root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let root and any user in group wheel run any command on any host as any user.

Eric Unix · ‎08-05-2008

Dear All

how to get the sudo software, seems still not install it. thanks a lot.

Best Regards
Eric

Look forward

Pete Randall · ‎08-05-2008

http://hpux.its.tudelft.nl/hppd/hpux/Sysadmin/sudo-1.6.9p17/

Pete

Pete

F Verschuren · ‎08-06-2008

if sudo is not a option..
And you do not care about security the anwser on the question is:
useradd -o -u 0 -g 0 -c "this_acount_is_root" yourname

and than ad yourname to:
/etc/shutdown.allow
/var/adm/cron/at.allow
/var/adm/cron/cron.allow

This wil create a user that has the same rights as root, befor you can remove it you have to change the userid (examlie whit sam) els the user is not removable...

But as already told only use this solution for systems where security is not needed!

Dennis Handly · ‎08-06-2008

>F Verschuren: then add yourname to:
/etc/shutdown.allow
/var/adm/cron/at.allow
/var/adm/cron/cron.allow

If you are an alternate root, you don't need to add your name here.

Eric Unix · ‎11-03-2008

Hello All

Have any easy steps to setup sudo tool ?
Please kindly help me on this.
Thanks a lot.

BR
eric

Look forward

Suraj K Sankari · ‎11-03-2008

Hi,

Please download the sudo software from this link
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.9p17/

then install the same
after installing follow these steps

whereis visudo
visudo: /usr/sbin/visudo

$/usr/sbin/visudo it will open some temp file when you save it will save as /etc/sudoers

put these entrys
%group testbox=/usr/bin/ioscan ( for perticular group access)
username testbox=/usr/sbin/sam ( for perticular user in server testbox)

save the file

login with normal user
$ sudo -l
Password:
User monitor may run the following commands on this host:
(root) /usr/bin/ioscan
(root) /usr/sbin/sam

like you can see
for execut
sudo /usr/bin/ioscan
Password:

Suraj

Eric Unix · ‎11-14-2008

Hello All

Thanks in advance for your kind feedback.
Now I use the sudo tool, but got some problems :

1. if i want user or group can use all command but only except on " su " , then how to setup it ?

2. I can not find out the manual, do you know where can i got it ?

Thanks in advance all of your kind input :-)

BR
eric

Look forward

Patrick Wallek · ‎11-14-2008

Sudo documentation here:

http://www.sudo.ws/sudo/

Look along the left side of the screen for the documentation area.

Eric Unix · ‎11-14-2008

Hello Patrick

Got it , and i will try to setup it on my box. Thank you very much.

Best Regards
Eric

Look forward

Eric Unix · ‎11-17-2008

Hello All

If i want users can run all commands but only one command " /usr/bin/su" cannot be run. Then how to setup it.
I have try to setup is as follows :

eric prodsvr = noexec : /usr/bin/su

and login eric then run as follows :
$ sudo su
>>> sudoers file: syntax error, line 23 <<<
sudo: parse error in /usr/local/etc/sudoers near line 23

why ? someone help me ? Thanks a lot.

BR
eric

Look forward

Johnson Punniyalingam · ‎11-17-2008

commands "who am i" and "whoami". In an su situation, "who am i" will report the user you su from while
"whoami" will report the user you su to.

In this way, depending on the login shell you are using, you can modify .profile/.cshrc/.login of your
paticular user account accordingly to suit your needs.

For example, add the following to the beginning of your oracle's .profile:
=============================================
trap "" 1 2 3
if [ "who am i|awk '{print $1}' != "whoami" ]
then
# this implies an su, thus proceed on
# with the rest of your command executions.
else
# this user must have logged on direct
# without su'ing thus logout this user
logout
fi
trap 1 2 3
=============================================

To prevent your user from modifying his own .profile to workaround it, remember to change the ownership of oracle's .profile to root and chmod 755 the .profile.

Thanks,
Johnson

Problems are common to all, but attitude makes the difference

prasadb · ‎11-17-2008

hi Eric,
keep assigning the points for these Geeks who are giving their valuable time to resolve ur problem

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: how to create one user account which previlege the same as root

how to create one user account which previlege the same as root