HPE Community
Operating System - HP-UX
1832247 Members
2336 Online
110041 Solutions
New Discussion

Re: how to su a user id without password

 
SOLVED
Go to solution
hangyu
Regular Advisor

‎10-03-2006 07:51 PM

‎10-03-2006 07:51 PM

how to su a user id without password

In the system ,there is a user id "user1" , I want to let other user id can su to this id without input password , but this user id (user1) MUST have password ( can't be null password), can advise what can i do ? thx.
0 Kudos
Reply
6 REPLIES 6
Peter Godron
Honored Contributor

‎10-03-2006 08:39 PM

‎10-03-2006 08:39 PM

Solution

Re: how to su a user id without password

Hi,
sudo would be my answer.
Please see thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=80250

But the link is old ! New link to:
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p9/
Reply
Yang Qin_1
Honored Contributor

‎10-03-2006 08:42 PM

‎10-03-2006 08:42 PM

Re: how to su a user id without password

It depends on how you want to secure your system.

1. Use sudo. When user2 su to user1, system will ask for password of user2 but not user1.

2. Easy but "dirty". Create .rhosts file in user1's home dir. In .rhosts file put

hostname user2
hostname user3
hostname user4

When user2, 3, 4 ... do a rlogin hostname -l user1. The system will log user2 in with password challenge

Yang
Reply
Victor BERRIDGE
Honored Contributor

‎10-03-2006 08:51 PM

‎10-03-2006 08:51 PM

Re: how to su a user id without password

Hi,
Just for information, in sudo, there is an option NOPASSWD...
How would batches work otherwise...
So it is your best choice


All the best
Victor
Reply
Doug O'Leary
Honored Contributor

‎10-04-2006 01:43 AM

‎10-04-2006 01:43 AM

Re: how to su a user id without password

Hey;

Sudo is probably the quickest/easiest solution. Another possiblity is to use ssh w/Public Key authentication.

Each user generates their ssh key paris, adds the public key to the ~${user1}/.ssh/authorized_keys file.

From there the authorized users would be able to "ssh -l ${user1} [localhost|$host]" to get a shell or ssh -l ${user1} [localhost|$host] ${command} to execute commands.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Reply
Pratyush Paul_1
Valued Contributor

‎10-05-2006 01:00 AM

‎10-05-2006 01:00 AM

Re: how to su a user id without password

hi - there are 2 options for you.

1. you can use ssh and use the authorized keys to allow the user.

2. you can use sudo with NOPASSWD option for that user.

Please do not use .rhost file, there is security risk. Given a choice I would be using sudo.

Thanks

Pratyush
Die Hard
Reply
Doug O'Leary
Honored Contributor

‎10-05-2006 01:30 AM

‎10-05-2006 01:30 AM

Re: how to su a user id without password

>>2. you can use sudo with NOPASSWD option for that user.

>>Please do not use .rhost file, there is security risk. Given a choice I would be using sudo.

I've always considered the NOPASSWD option to sudo to be as big, if not bigger security hole as the ~/.rhosts files.

If you need batch processing which requires running commands as another user, your best option is ssh with public key authentication. Sudo is easier to connfigure, but is significantly less secure if you're using the NOPASSWD option.

Assuming you don't need batch processing, sudo is probably your best/easiest solution.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.