HPE Community
Operating System - HP-UX
1820478 Members
2959 Online
109624 Solutions
New Discussion

hpdb account

 
SOLVED
Go to solution
Thi Vu
Frequent Advisor

‎01-31-2003 06:35 AM

‎01-31-2003 06:35 AM

hpdb account

Hi all,

Can you please tell me what the "hpdb" account is? All I know is that it's a system account, when I tried to remove it, but what is the account use for or who uses it and what will be the result if I remove it.

Thi
0 Kudos
Reply
1 REPLY 1
Helen French
Honored Contributor

‎01-31-2003 06:39 AM

‎01-31-2003 06:39 AM

Solution

Re: hpdb account

This is from TKB# KBRC00007343:

PROBLEM
Why is hpdb showing in my /etc/passwd, I didn't create it ?




RESOLUTION

In order for ALLBASE/SQL to work successfully, a special user 'hpdb'
must havewrite access to the directory in which the DBEnvironment files are
stored.
The "Database Creation and Security" chapter of the ALLBASE/SQL Database
Administration Guide documents that this directory should be created with a mode
of 755, be owned by userid 'hpdb', and be associated with group bin. When the
directory is set up in this way, only the user 'hpdb' is able to modify the
data. When users run ALLBASE/SQL, they obtain an effective user id
of 'hpdb'
(i.e. they temporarily "become" hpdb) and may modify the data (if they pass all
security checks in ALLBASE/SQL).

Users who are familiar with UNIX security may be tempted to modify the owner of
the directory in which the DBEnvironment files are stored to root, since this is
a common UNIX security action. However, this action SHOULD NOT BE TAKEN, since
ALLBASE/SQL will not perform correctly. If the directory is owned by
root with
a mode of 755, only root is able to modify the data in the DBEnvironment files.
The user 'hpdb' will be denied modify/create capabilities because of standard
UNIX security checks. Even when root runs ALLBASE/SQL, he assumes the
effective user id of 'hpdb', and ALLBASE/SQL will not work correctly.

The user 'hpdb' should be entered in the /etc/passwd file with a user id of 27,
and a passwd of :*: to insure that no one may login as hpdb. The ALLBASE/SQL
"Read Me First" document recommends that the /etc/passwd entry be:

hpdb:*:27:2: hpdb ALLBASE/SQL:/usr:/bin/cs


From an Allbase/SQL point of view I can answer the question. I do
not know however if any other application has taken advantage of the
existance of the user hpdb on HPUX. I don't think they have but cannot
guarantee this.

Allbase/SQL requires the existance of hpdb, if your Customer does
not use Allbase/SQL and has no intention of installing it then they
don't need this user.

However as it's set up you cannot login as hpdb because
you don't know the password so unless someone logged on as root changes
the password I'm not sure it's a great security issue.

Allbase/SQL ships binaries that are owned by hpdb I suspect it is
simpler from an installation point of view if the user is already there
and avoids the issue of having Customers create a user hpdb which may
conflict with our use of user hpdb.

My recommendation would be to not remove it unless there was a very
good reason to do so and you were sure you would never try and install
Allbase/SQL on the system.
Life is a promise, fulfill it!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.