
root access

 
sheevm
Regular Advisor

root access

Hi ALL:

Oracle DBA is working on express server installation. He says he needs to login as root to shutdown and startup the express server. The script checks, and if the user is not root it terminates. The documentation says the user should logon as root to run the startup script.

We do not like anyone to get the root password. Is there any workaround for this?

Thanks

be good and do good
Hai Nguyen_1
Honored Contributor

Re: root access

Raji,

Install sudo which allows you to give root access to normal users. Search for sudo in HP software public domain as well as in this forum for more info.

Hai
Sanjay_6
Honored Contributor

Re: root access

Hi,

You can use sudo, free & downloadable from hp porting site to give your access to commands that can be run as root.

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

Or you can use licensed software like powerbroker, trial download available from their website,
http://www.symark.com

Hope this helps.

Regds
Sachin Patel
Honored Contributor

Re: root access

sudo or super

http://hpux.cs.utah.edu/

Sachin
Is photography a hobby or another way to spend $
Shannon Petry
Honored Contributor

Re: root access

Yup, like the other person said, SUDO is the way to go. Why?
sudo allows users to "su" to any other account provided that they have access to do so (defined by root).
SUDO supports ACL's, aliases, extensive logging, and more.

I use sudo daily as engineers have to be able to mount cdroms in hp-ux. (get with it HP, vold is where it's at, ahem). I wrote a script that lets them mount a cdrom, and umount the cdrom, so no more phone calls and whining! ;)

Regards,
Shannon
Microsoft. When do you want a virus today?
Tom Danzig
Honored Contributor

Re: root access

You could make the startup script SUID root

chown root:bin <scriptname>
chmod 4755 <scriptname>

Not the wisest idea for security, however, it's better than giving out the root password in my opinion.
SteveKirby
Frequent Advisor

Re: root access

I would use the SUID script as well.

Turn the startup and shutdown commands into a script.

startexpress.sh
stopexpress.sh

chown root: startexpress.sh
chmod 4550 startexpress.sh

====

I tried to do a little more research on the Oracle side about Express Server .. and everything I can find also says that the 'Service' has to be started as root.

Steve
Ollie R
Respected Contributor

Re: root access

Hi Raji,

Using setuid on shell scripts does not work. This is a security loophole that was closed many years ago. Setuid only works on binaries. (To prove, try running a root-setuid script as another user that does an "id" command or a "whoami" command).

As far as I can see you need to do 2 things:

* create or use a DBA user on your system and add this to /etc/shutdown.allow - a standard feature of HP-UX

* use SUDO (or some other equivalent) to run the ORACLE installation - indeed you must be root to run the installation

Hope this helps,

Ollie.
To err is human but to not award points is unforgivable
Jean-Luc Oudart
Honored Contributor

Re: root access

In a previous thread, an "asroot" type command was requested.
I suggested a solution we use here, i.e. have a C program that calls the script.
The binary will be owned by root with the setuid bit.
+ use ACL to protect the binary.

check :
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4b0857bd90a9d611abdb0090277a778c,00.html

Jean-Luc
fiat lux
Tom Danzig
Honored Contributor

Re: root access

Ollie,

SUID scripts WILL work provided certain rules are followed. Use #!/sbin/sh as the first line, set path to trusted paths (i.e. PATH=/usr/bin:/usr/sbin), and chmod 4755.
Sean OB_1
Honored Contributor

Re: root access

Install sudo then set up this user so that he can only execute the startup and shutdown scripts.

Sudo runs the command as root, but the user never has the root password.
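
The restriction described in the reply above, written out as a sudoers fragment. This is an added example, not part of the original thread; the account name "oradba", the /opt/express/bin script paths and the log file location are assumptions chosen for illustration.

```sudoers
# /etc/sudoers fragment. Edit only with visudo; check syntax with: visudo -c
# Constructed example: "oradba", the /opt/express/bin paths and the
# log file path are assumptions, not values from the thread.

# The DBA account(s) allowed to control Express Server.
User_Alias  EXPRESS_DBA = oradba

# Exactly two commands, named by absolute path so PATH cannot redirect
# them. The trailing "" means the command is only permitted when it is
# run with no arguments at all.
Cmnd_Alias  EXPRESS_CTL = /opt/express/bin/startexpress.sh "", \
                          /opt/express/bin/stopexpress.sh ""

# Write every sudo attempt, permitted or refused, to a dedicated file
# so use of the privilege can be reviewed later.
Defaults    logfile=/var/adm/sudo.log

# On any host, let the DBA run those two scripts as root and nothing
# else. The DBA authenticates with their own password; the root
# password is never handed out.
EXPRESS_DBA ALL = (root) EXPRESS_CTL
```

The DBA then runs `sudo /opt/express/bin/startexpress.sh`. Both scripts, and every directory above them, must be owned by root and not writable by the DBA, because anyone who can edit a script listed here can run arbitrary commands as root through it.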
Victor_5
Trusted Contributor

Re: root access