
Root equivalent

 
Scott Rope_1
Occasional Contributor

Root equivalent

How can I make a user (my account) have the same privileges as root, i.e. be
able to open sam and reactivate root's password if it gets locked out? Also, is
there a way to set root up so that it can be locked out everywhere after three
tries EXCEPT at the system console?


Scott Rope
4 REPLIES
Neil Gast_1
Frequent Advisor

Re: Root equivalent

The only way to have the same privileges as root is to be root, or a root
equivalent. Change your UID in the passwd file to 0 (zero), and you're root
automagically from then on.

Sam is a little different than other tools. It does its own checking to see if
the user is a root user. If not, it spits a nice warning message, then exits.
You might be able to wrangle some funky Sam access thru sneaky use of suid
scripts, but I wouldn't recommend it.

As for the three strikes lockout problem, I don't think there is a distinction
made between a console login and some other type of attempt -- probably by
design -- so there's no way to disable lockout for different modes.

MrNeil
Anthony Goonetilleke_1
Regular Advisor

Re: Root equivalent

Sam actually works a little easier, as you can start sam with a -r, which invokes
the restricted SAM builder; you can then go in and enable everything for a
particular user. There are a few restrictions that apply, but you can get a lot
of functionality for a specific user this way instead of giving them root
access.
Dan Hull
Regular Advisor

Re: Root equivalent

Actually there is a way to lock out root everywhere but the console - it's
called trusting your system. When the system is trusted, any user who fails a
login 3 times gets their account locked, including root. However, root can
still log in from the console even when the account is locked.

Re: Root equivalent

For the special purpose of logging on to a locked account, it might work to use
the file .rhosts.
Assuming that the locked user is named lock, the user who wants to log in to
his account is named me, and the host where both of them reside is called host1,
it may look like this:

Before anything goes wrong, create the file .rhosts in the home directory of
the user (e.g. /home/lock). Insert a line with the hostname in it and the name
of the user who should have permission to log on for him:
host1 me

Then, if things went wrong and the user 'lock' has been locked, user 'me' could
use the rlogin statement to log in for him.

rlogin host1 -l lock

If 'me' and 'lock' reside on different hosts, the host of 'me' should be in the
/etc/hosts.equiv of host1 (lock's host).

It even works with the user 'root', but beware that a .rhosts file in the
home directory of root is a security leak! DO NOT GIVE TOO MUCH READ OR
WRITE PERMISSION to the .rhosts file.

I do not really know if it even works on a trusted system (mail me if it
does).

Good luck

Mike
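
An audit sketch for the two root-equivalence paths raised in this thread (UID 0 entries in the passwd file and .rhosts trust), added here as an example and not written by any poster. The sample passwd lines, the temporary directory and the function names are constructed for illustration; the check for `+` wildcard entries goes beyond what the thread mentions.

```shell
#!/bin/sh
# Added example (not from the thread): audit for UID-0 accounts and .rhosts trust.

# Print every account name whose UID field is 0, i.e. every root equivalent.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Report group/other permission bits and each trust entry in one .rhosts file.
rhosts_findings() {
    f=$1
    [ -f "$f" ] || return 0
    mode=$(ls -ld "$f" | cut -c5-10)      # group + other bits of the mode string
    [ "$mode" = "------" ] || echo "PERMS $f group/other bits set ($mode)"
    awk -v f="$f" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $1 == "+" || $2 == "+" { print "WILDCARD " f ": " $0; next }
        { print "TRUST " f ": host=" $1 " user=" ($2 == "" ? "(owner)" : $2) }
    ' "$f"
}

# Constructed sample data: a passwd copy with a second UID-0 account, and the
# "host1 me" .rhosts entry from the post above, left world-readable.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
lock:*:101:20::/home/lock:/usr/bin/sh
me:*:0:20::/home/me:/usr/bin/sh
EOF
mkdir -p "$SAMPLE/home/lock"
printf 'host1 me\n' > "$SAMPLE/home/lock/.rhosts"
chmod 644 "$SAMPLE/home/lock/.rhosts"

echo "UID-0 accounts:"; uid0_accounts "$SAMPLE/passwd"
rhosts_findings "$SAMPLE/home/lock/.rhosts"
```

On a real host, point `uid0_accounts` at /etc/passwd and run `rhosts_findings` over each home directory's .rhosts; any UID-0 name other than root and any PERMS or WILDCARD line deserves review.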