HPE Community
Operating System - HP-UX
1848590 Members
6242 Online
104033 Solutions
New Discussion

Re: root passwd

 
SOLVED
Go to solution
SSP_1
Regular Advisor

‎12-13-2001 01:33 AM

‎12-13-2001 01:33 AM

root passwd

Hi All,
Just came to know with a starnge discovery....would like ur comments on the same.

If I created a login with uid "0" say toor and after logging with this "toor" id if I am going to change the passwd with only "passwd" command, it changes the root passwd also. Is it so? how to restrict?
Obstacles exist to challenge you to keep going. Not to quit.
0 Kudos
Reply
10 REPLIES 10
Duncan Edmonstone
HPE Pro

‎12-13-2001 01:38 AM

‎12-13-2001 01:38 AM

Re: root passwd

... don't let anyone create an account with UID 0!

I am assuming the proble here is that you have some utility which allows non-root users to add users to the system/change passwords etc. Any utility which allows you to do this, should prevent the assignment of UID 0 for a new user, and prevent the change of passwords for any account with UID 0.

If the problem is others who do not understand this who have access to the root account to create/change accounts - well you have a bigger problem!

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎12-13-2001 01:41 AM

‎12-13-2001 01:41 AM

Re: root passwd

Hi,

The superuser root account also uses the uid of 0. A superuser, whose effective user ID is zero is allowed to change any password and is not forced to comply with password aging.

Hope I interpreted your question correctly and this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
SSP_1
Regular Advisor

‎12-13-2001 01:41 AM

‎12-13-2001 01:41 AM

Re: root passwd

Hi Duncan,

It's me only who has created this "toor" login, equivalent root id. So that if something goes wrong with root , I may not die.
Obstacles exist to challenge you to keep going. Not to quit.
0 Kudos
Reply
Deepak Extross
Honored Contributor

‎12-13-2001 01:41 AM

‎12-13-2001 01:41 AM

Re: root passwd

UID 0 is reserved exclusively for root!!
Make sure your /etc/passwd file reflects this correctly, or you're just asking for trouble.
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

‎12-13-2001 01:49 AM

‎12-13-2001 01:49 AM

Re: root passwd

As Deepak says, having another account with UID 0 is asking for trouble, and I wouldn't advise doing what you are proposing... but if your determined to do it, rather than creating the user and setting a password in the normal way, just use 'vipw' and copy and paste the root acccount onto the last line, then change the user name... you now have another account the same as root, with the same password.

Of course it won't work if you are running as a trusted system.

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
SSP_1
Regular Advisor

‎12-13-2001 01:56 AM

‎12-13-2001 01:56 AM

Re: root passwd

Friends,

But if I am login into the system with id "toor" and then issuing "passwd" command why is it changing the passwd for "root" and not specifically for "toor" id.
Obstacles exist to challenge you to keep going. Not to quit.
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

‎12-13-2001 02:05 AM

‎12-13-2001 02:05 AM

Solution

Re: root passwd

Because root is the first UID 0 entry in the /etc/passwd file... (I think) If you want to test this out, try moving the toor user to the top of your passwd file and try again - all the usual caveats about having another 'logged in' session available apply... remember to change this back when your done.

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Reply
Eugen Cocalea
Respected Contributor

‎12-13-2001 02:06 AM

‎12-13-2001 02:06 AM

Re: root passwd

Hi,

This is because the 'passwd' command is not based on the username but on id of the user.

Actually, usernames is just the 'friendly' part of the SO, all operations should be done based on id of the user. Most of the programs do so.

E.
To Live Is To Learn
Reply
SSP_1
Regular Advisor

‎12-13-2001 02:08 AM

‎12-13-2001 02:08 AM

Re: root passwd

thanks dungen / eugen,

I gotta it.....
Obstacles exist to challenge you to keep going. Not to quit.
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎12-13-2001 02:25 AM

‎12-13-2001 02:25 AM

Re: root passwd

Hi,

This is from the man pages:

man passwd:

The passwd command modifies the password as well as the attributes associated with the login name. If name is omitted, it defaults to the invoking user's login name, which is determined using getlogin(3C).

man getlogin:

The getlogin() function can be used in conjunction with getpwnam() to locate the correct password file entry when the same user ID is shared by several login names.

If passwd uses getpwnam () (I am not sure if it uses it), then given that the user ID (uid) is 0 and is shared by several login names (ie. root and toor), then getpwnam () should return the correct passwd file entry for toor.

Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.