HPE Community
Operating System - HP-UX
1855739 Members
5749 Online
104103 Solutions
New Discussion

Root equivalence to normal user

 
SOLVED
Go to solution
Global Service Desk
Frequent Advisor

‎01-12-2006 09:51 PM

‎01-12-2006 09:51 PM

Root equivalence to normal user

Hi,

I am trying to find out, how to add a normal user as root, i searched for thread in forum but nothing i could found.

let me give my requirement :

I have 4 users in a group app1 :

user1
user2
user3
user4,

now, i want user1 should have root privilises also.

can some body help me ??

Thanks in advance !!

Regards
GOvidaG.
0 Kudos
Reply
16 REPLIES 16
MarkSyder
Honored Contributor

‎01-12-2006 09:57 PM

‎01-12-2006 09:57 PM

Solution

Re: Root equivalence to normal user

This can easily be done but is not recommended - it is a security risk. Far better to use sudo and let user1 etc. have access to specified root commands (not including switching user to root). sudo has the added advantage of keeping a log of what each user has done, so if someone does something destructive you can see who it was.

If you really insist on doing it the non-recommended way, you need to give the users a uid of 0.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Reply
Jean-Yves Picard
Trusted Contributor

‎01-12-2006 09:57 PM

‎01-12-2006 09:57 PM

Re: Root equivalence to normal user

Hello,

/etc/passwd look like :

root:PWCrypticpwd:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
sys:*:3:3::/:

that is seven field separated by :
when the third field is 0 (zero) user is root.

you need to be root to edit /etc/passwd.

Jean-Yves Picard

Reply
Global Service Desk
Frequent Advisor

‎01-12-2006 10:23 PM

‎01-12-2006 10:23 PM

Re: Root equivalence to normal user

HI,

Thanks for the quick responses !!

But, i wonder if ther is any other way to give root pricilisez other than giving the user UID 0,

rgds,
GovindaG,
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎01-12-2006 10:24 PM

‎01-12-2006 10:24 PM

Re: Root equivalence to normal user

Hi,

You can use "sudo" to do this. Also, it is the most secure way of doing.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎01-12-2006 10:28 PM

‎01-12-2006 10:28 PM

Re: Root equivalence to normal user

Hi, Check these threads as well,

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=970859
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=364928

Without uid 0, you can do with Group of root.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
Devender Khatana
Honored Contributor

‎01-12-2006 10:30 PM

‎01-12-2006 10:30 PM

Re: Root equivalence to normal user

Hi,

Allthough you should know how to do it. Still you should not do it.

Setting UID=0 i.e. third field in the entry for that user in /etc/passwd will make it having same previledges as root.

HTH,
Devender
Impossible itself mentions "I m possible"
Reply
Pete Randall
Outstanding Contributor

‎01-12-2006 10:32 PM

‎01-12-2006 10:32 PM

Re: Root equivalence to normal user

As previously mentioned, probably the best way to accomplish this is to install and configure sudo:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.8p9/

The only other ways are to set up restricted SAM to allow non-privileged users access to certain SAM functions, or to write setuid wrapper scripts, which is also considered a security risk.


Pete

Pete
Reply
Arunvijai_4
Honored Contributor

‎01-12-2006 10:51 PM

‎01-12-2006 10:51 PM

Re: Root equivalence to normal user

Hi,

Sudo is part of Internet express as well, it has compiled with more options. You can download from,

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111


-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
Vipulinux
Respected Contributor

‎01-12-2006 10:56 PM

‎01-12-2006 10:56 PM

Re: Root equivalence to normal user

Hi

While craeting the user using useradd command, use -o option & specify id as 0



Cheers
0 Kudos
Reply
Global Service Desk
Frequent Advisor

‎01-12-2006 11:01 PM

‎01-12-2006 11:01 PM

Re: Root equivalence to normal user

hi,

Thanks again for info,

can any body tell me how to user sudo ??

any docs are greatly appriciated ??

regards
GOvinda
0 Kudos
Reply
Devender Khatana
Honored Contributor

‎01-12-2006 11:07 PM

‎01-12-2006 11:07 PM

Re: Root equivalence to normal user

Hi,

Sudo will come as a SD format file. Which can be installed using swinstall.

#swinstall -s /path_to_depot/file_name.depot

After installing you can add user/groups to the sudoers file in the syntax allready mentioned in the sudoers file. Use visudo to edit the sudoers fileot ALL=(ALL) ALL


#visduo

The entries should look like
=============================
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%iocl iocbk101 = /usr/sbin/dmesg
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
hpce mydb=/usr/bin/rlogin,/usr/lbin/remshd,/usr/sbin/cmviewcl, /usr/sbin/cmviewcl -v, /usr/sbin/dmesg, /usr/sbin/vxdmpadm listctlr al
l, /usr/sbin/sam, /usr/sbin/swinstall, /opt/contrib/bin/nickel, /usr/bin/gsp, /sbin/ioscan, /opt/ignite/bin/make_tape_recovery


HTH,
Devender
Impossible itself mentions "I m possible"
Reply
Devender Khatana
Honored Contributor

‎01-12-2006 11:09 PM

‎01-12-2006 11:09 PM

Re: Root equivalence to normal user

Hi,

This was a typo and the command should be

#visudo

HTH,
Devender
Impossible itself mentions "I m possible"
Reply
Global Service Desk
Frequent Advisor

‎01-12-2006 11:19 PM

‎01-12-2006 11:19 PM

Re: Root equivalence to normal user

I am having few questions..

since i am new to SUDO. i really dont know how it works ? and what are the files it is associated with etc..

can i get any details pointers to this ???

Thanks in advance !!

Regards
GOvinda G.
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎01-12-2006 11:40 PM

‎01-12-2006 11:40 PM

Re: Root equivalence to normal user

hi,

below a list of resources concerning SUDO that i have bookmarked

http://www.courtesan.com/sudo/intro.html
http://www.unixcities.com/sudo/

https://h20293.www2.hp.com/portal/swdepot/try.do?productNumber=HPUXIEXP1111

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=630557

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=102058


see also:
man sudo
man visudo
/opt/sudo/etc/sudoers.conf file.


hope this helps

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
so_2
Regular Advisor

‎01-13-2006 02:14 AM

‎01-13-2006 02:14 AM

Re: Root equivalence to normal user

use the following command

#usermod -u 0 -o

this will change the uid of user to "0" and that user will get super user previlage.

Thanks
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎01-13-2006 02:28 AM

‎01-13-2006 02:28 AM

Re: Root equivalence to normal user

Hi:

Whatever you do, do *not* have accounts other than 'root' with a uid=0.

Consider what will happen if there is an account named 'govidag' that you have setup with a uid=0.

# find / -user govidag -exec rm -rf {} \;

...you thought that you were removing files and directories belonging to 'govidag'. In a manner of speaking you were --- for uid=0 which happens to be 'root'.

Regards!

...JRF...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.