HPE Community
Operating System - HP-UX
1833776 Members
1976 Online
110063 Solutions
New Discussion

Re: reactivate root acount!!

 
Oliver Schmitz
Regular Advisor

‎06-06-2005 11:44 PM

‎06-06-2005 11:44 PM

reactivate root acount!!

Dear all,

some weeks ago I converted my HP-UX11.i into an trusted system. Everything worked fine after all users set new passwords and time went by. Today I try to do su to root (which I did several times before after the conversion, so I am convinced to use the correct password) but it tells me that the acount is disabled.
I think that someone else tried several times to login as root and diabled the acount! Could this be?
If or not is there a w3ay to reactivate it?? And if what can I do to avoid this situations. Just setting the amount of test logins to infinite?

Thanks for help. I am lost.

Oliver
Oliver Schmitz
0 Kudos
Reply
4 REPLIES 4
Tomek Gryszkiewicz
Trusted Contributor

‎06-07-2005 12:07 AM

‎06-07-2005 12:07 AM

Re: reactivate root acount!!

When root is disabled, you can still login as root from console

-Tomek
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎06-07-2005 12:08 AM

‎06-07-2005 12:08 AM

Re: reactivate root acount!!

Hi Oliver,
Look at this doc:
http://www5.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000065680128
If you cannot acces I will cut and paste a bit..

Now to avoid this happening on trusted there are:
Not allowing people to connect as root other than the console
Use sudo and see what can be done /etc/default/security
Change the amount of failed to more than default (3...)
...
But more important give yourself the rights to all in rectrited sam AND especially to reboot the box in case you have to go single user...


All the best
Victor
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-07-2005 12:12 AM

‎06-07-2005 12:12 AM

Re: reactivate root acount!!

Logging into the console will automatically reactivate the root account.

If you no longer know the root password you can boot into single user mode and null out the password entry in /tcb/auth/files/r/root file.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Doug O'Leary
Honored Contributor

‎06-07-2005 12:46 AM

‎06-07-2005 12:46 AM

Re: reactivate root acount!!

Hey;

As others have posted, sudo is probably your best bet to avoid this in the future. Create an admin group and place all sysadmins in it. Then, download and install sudo. Execute visudo and place

%admin ALL=(ALL) ALL

in it.

Once saved and exited, anyone in the admin group will be able to execute any command as root by:

sudo ${command}

So, if you want to reenable the root account:

sudo /usr/lbin/modprpw -k root

You'll have to remember to removve anyone that leaves the company or no longer needs sysadmin privileges from the admin group.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.