How to give root access to a user

Grayh · ‎10-07-2008

I want to give root access to a user where in he can use all the commands a root can perform... for ex.. useradd,unsermod.. kernal tuning etc..

Tim Nelson · ‎10-07-2008

Provide them with the root password

Creating another user with uid of 0 is a waste of time and effort and will only confuse file ownerships, process ownerships etc...

Laurent Menase · ‎10-07-2008

su

sudo but need to download it or recompile

RBAC
javascript&colon;openExternal('http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=AccessControl')

Grayh · ‎10-07-2008

I have actually installed RABC... but still the user cannot do a useradd or usermod

Ganesan R · ‎10-07-2008

Hi,

su(switch user)is the preferred option. If you change the UID to 0 it has lot of security issues.

You can install and use SUDO alternatively.

Best wishes,

Ganesh.

Ivan Krastev · ‎10-07-2008

There are many ways to do that: sudo, sam.

If you know what exact will be executed from cmd line use sudo.
If you want to restrict to add/modify/delete users, kernel tunning - use restricted SAM.

regards,
ivan

Grayh · ‎10-07-2008

Could you give me the full command to add a user " test1 " who has all the root privaleges... like usedadd..usermod..kctune etc..

Patrick Wallek · ‎10-07-2008

>>but still the user cannot do a useradd or usermod

What happens when the user tries to run those commands?

Is the user typing 'useradd' and getting an error 'sh: useradd: not found'? If so, then they just need to specify the full path to the command ('/usr/sbin/useradd').

Or is the user getting a 'permission denied' message when attempting to run the command?

Actual messages received when trying the command will help immensely.

Grayh · ‎10-07-2008

$ /usr/sbin/useradd
Permission Denied

Ivan Krastev · ‎10-07-2008

Can you post the output from id command. Maybe you are not root user.

regards,
ivan

Grayh · ‎10-07-2008

$ id test1
uid=110(test1) gid=103(admin)

Grayh · ‎10-07-2008

I did the following

$su test1
Password:

$ /usr/sbin/useradd
Permission Denied

$ id test1
uid=110(test1) gid=103(admin)

Dennis Handly · ‎10-07-2008

>I have actually installed RABC but still the user cannot do a useradd or usermod

You can't do root commands unless you ARE root or you invoke su, sudo or whatever RABC needs to do these commands.

Ivan Krastev · ‎10-07-2008

Have you installed and configured any RBAC, sudo, sam access for that user?
This user (user1) cannot add userr by default - he has not aproppriate permission to edit /etc/passwd, /etc/group ... files.

regards,
ivan

Grayh · ‎10-07-2008

So do I need to install sudo and RABC both .... I am confused

Pulse001 · ‎10-07-2008

if you hav sudo installed pls check for /etc/sudoers file. I am posting one example line for you.Just add the following line at the end of your sudoers file.

gravh ALL=(ALL) PASSWD: ALL

The user has to login using his own a/c and type sudo su and he will be prompted for his own password once more.

OldSchool · ‎10-07-2008

Ok, so you've installed RBAC. Either you've not configured it, or the user is *properly* configured.

I suggest you look here:
http://docs.hp.com/en/5991-8678/ch03s05.html?jumpid=reg_R1002_USEN

Ivan Krastev · ‎10-07-2008

If you already has RBAc installed - just config it. See administration guide here - http://docs.hp.com/en/5991-8678/index.html

The easiest way will be to use sudo or restricted sam. Running and installing both RBAC/sudo is not mandatory. Sudo is easiest to install and manage.

regards,
ivan

Laurent Menase · ‎10-07-2008

RBAC alone is enough

a user which can call useradd can create his own root account.
So rbac is the best solution.

OldSchool · ‎10-07-2008

typo, should have been:

Ok, so you've installed RBAC. Either you've not configured it, or the user is *not properly* configured.

I suggest you look here:
http://docs.hp.com/en/5991-8678/ch03s05.html?jumpid=reg_R1002_USEN

also, configuring another user with root uid is asking for trouble, especially if you forget when removing the user...it is a highly effective way of trashing the system however.

either configure rbac, or let the user "su" to root (he will need the password), or use "sudo" as described above

Grayh · ‎10-07-2008

# sudo 1.6.9p17 sudo
sudo.sudo-RUN
# pwd
/etc
# ll sudo*
sudo* not found

I have instal;led sodu but i cannot find that directory

OldSchool · ‎10-07-2008

"# sudo 1.6.9p17 sudo
sudo.sudo-RUN
# pwd
/etc
# ll sudo*
sudo* not found

I have instal;led sodu but i cannot find that directory "

Which directory are you looking for?

try "which sudo" or "whence sudo" which will tell you where the executable resides (if thats what you are looking for)

I take it that you've abandoned the idea of using RBAC?

If you need to configure the "sudoers" file, then use the "visudo" command. Using normal vi won't work.

as always,"man sudo" might be instructive...

Ivan Krastev · ‎10-07-2008

Ok, time for configure it:

use visudo command (as root) to add entry for desired user - see above example

gravh ALL=(ALL) PASSWD: ALL

this will add superuser access to user gravh after typing user passwords.

After tests better replace last ALL with list of commands: useradd, userdel with full path.

regards,
ivan

James R. Ferguson · ‎10-07-2008

Hi:

> I have instal;led sodu (sic) but i cannot find that directory.

Well, if you obtained 'sudo' from the HP-UX Porting center, then you should know that the installation occurs in '/usr/local'.

If you don't know where something is, you can always 'find' it:

# find / -name "sudo*"

...would be a brute force search everywhere!

Regards!

...JRF...

Grayh · ‎10-07-2008

# which sudo
no sudo in /usr/sbin /usr/bin /usr/ccs/bin /usr/contrib/bin /usr/contrib/Q4/bin
/opt/perl/bin /opt/hparray/bin /opt/nettladm/bin /opt/fcms/bin /opt/sas/bin /opt
/wbem/bin /opt/wbem/sbin /opt/resmon/bin /usr/contrib/kwdb/bin /usr/bin/X11 /opt
/graphics/common/bin /opt/sfm/bin /opt/hpsmh/bin /opt/upgrade/bin /usr/contrib/b
in/X11 /opt/gvsd/bin /sbin /home/root
# whence sudo
#

Could u give me an example of configuring a user "sam" so that I can configure the list of users I have....

thank you

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

How to give root access to a user

How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user

Re: How to give root access to a user