HPE Community
Operating System - HP-UX
1833645 Members
5016 Online
110062 Solutions
New Discussion

root permissions to a user

 
SOLVED
Go to solution
Lana Cameli
Advisor

‎11-24-2006 02:46 AM

‎11-24-2006 02:46 AM

root permissions to a user

Hi there;
I would like to create a user login to be used by oncall person and give them permission to reboot, reset password for self or users (but not root), access scripts in root directories and have rights to execute them and such...all remotely. Is there a way to do it?

0 Kudos
7 REPLIES 7
Coolmar
Esteemed Contributor

‎11-24-2006 03:11 AM

‎11-24-2006 03:11 AM

Re: root permissions to a user

Hi Lana,

There is something called RBAC (Roll Based Access Control) and you can read up on it here: http://docs.hp.com/en/5991-0709/index.html

The problem is that it is only available for 11.23. What version of HP-UX are you running?
0 Kudos
Lana Cameli
Advisor

‎11-24-2006 03:49 AM

‎11-24-2006 03:49 AM

Re: root permissions to a user

Hi Coolmar;
We are running version 10.2

Is there a way to at least allow this user to reboot without su?
0 Kudos
siva0123
Trusted Contributor

‎11-24-2006 03:59 AM

‎11-24-2006 03:59 AM

Re: root permissions to a user

Hi
you can create the user id with -o option
to duplicate the user id 0 for that user.

useradd -u 0 -o .......

But beware this makes the user do anything as a superuser or root does.

Thanks,
siva
0 Kudos
Coolmar
Esteemed Contributor

‎11-24-2006 04:01 AM

‎11-24-2006 04:01 AM

Solution

Re: root permissions to a user

Hi Lana,

Have you tried "sudo"....that is really the only work around if you don't have 11.23 and RBAC. I have used it many times in the past and it works very well and is pretty easy to setup.
0 Kudos
Christian Tremblay
Trusted Contributor

‎11-24-2006 04:43 AM

‎11-24-2006 04:43 AM

Re: root permissions to a user

Yes, Install sudo on your box, then in the sudo configuration file you can, for every user, specify what commands that user can run as root.

DO NOT create any user with UID 0, this is bad practice and will set off security audits flags if your site is security conscious.

Chris
0 Kudos
Lana Cameli
Advisor

‎11-24-2006 04:54 AM

‎11-24-2006 04:54 AM

Re: root permissions to a user

Thanks guys;
I have sudo installed and added user names to the /etc/sudoers

:)
0 Kudos
Dennis Handly
Acclaimed Contributor

‎11-27-2006 01:30 PM

‎11-27-2006 01:30 PM

Re: root permissions to a user

>Is there a way to at least allow this user to reboot without su?

See shutdown(1M) for /etc/shutdown.allow.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.