Root user list

Venkatesh_16
Respected Contributor

Hi there,

Is there a command-line tool or script available which can generate a report of all accounts with root-user-equivalent privileges in an HP-UX setup, with added information on which machine the id resides, etc.?

Thanks,
Venkatesh
Torsten.
Acclaimed Contributor

Re: Root user list

You should check the passwd file first for id 0.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!
Venkatesh_16
Respected Contributor

Re: Root user list

Thanks. I guess your suggestion of the id 0 check applies only to root users. However, we are looking for all users who have "su" equivalent privileges.

Thanks,
V
Torsten.
Acclaimed Contributor

Re: Root user list

"However, we are looking for all users who have "su" equivalent privileges."

Every user can issue the "su" command; if he knows the password he will be root then.

Hope this helps!
Regards
Torsten.
DharmaRao G
Advisor

Re: Root user list

Hi Torsten,

The administrator will give access to set "su" to root or to another group to log on to get access. I would like to know: on a single server there are more than 1000 users created. Get the information on those who are privileged to su to root or equivalent to root. Is there any command line to display all users' information equal to root access only?

Regards
Dharma
Torsten.
Acclaimed Contributor

Re: Root user list

It depends on the additional su security settings (if already set), see "man su" and check the /etc/default/security settings.

Hope this helps!
Regards
Torsten.
Suraj K Sankari
Honored Contributor

Re: Root user list

Hi,

Any (all) users in the /etc/passwd file can do "su",
but to access the root prompt he or she has to give the root password.

Suraj
Paul McCleary
Honored Contributor

Re: Root user list

I think the easier approach would be to check for systems where su security has been restricted - otherwise, as stated above, any user can su to root (assuming they know the password). Also assuming standard permissions on su, which are:

-r-sr-xr-x 1 root bin 51872 Aug 3 2005 /usr/bin/su

You should check /etc/default/security - the option that can be enforced is that users must be a member of a certain group to su to root:

# Users attempting to su to root must be a member
# of this group
# SU_ROOT_GROUP=wheel

An additional approach if you're unsure exactly who knows the root password, would be to check /var/adm/sulog (and syslog if you want) on the systems and see who has been su'ing to root.

HTH, Paul
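Putting Torsten's UID-0 check and Paul's SU_ROOT_GROUP check together, here is an added example (not code from any of the posters) that reports the accounts on one host which are root or are allowed to su to root. The passwd, group and security files it reads are constructed samples written to a temporary directory; the function names and the file layout under $TMPDIR are this example's own, and on a live HP-UX box you would point the functions at /etc/passwd, /etc/group and /etc/default/security instead.

```shell
#!/bin/sh
# Added example, not from the thread: report "root equivalent" accounts on an
# HP-UX host by combining two checks from the replies above:
#   1. every passwd entry with UID 0 (an alias of root, whatever its name)
#   2. if SU_ROOT_GROUP is enforced in /etc/default/security, every member of
#      that group (the only accounts that can even attempt su to root)
# The passwd/group/security files below are constructed samples so the script
# runs anywhere; on a live box pass /etc/passwd, /etc/default/security and
# /etc/group instead.

# Print the login names of all UID-0 accounts in a passwd file.
list_uid0() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Print the active SU_ROOT_GROUP value from a security file; commented-out
# lines (the shipped default) are ignored, so nothing is printed when the
# restriction is not enforced.
su_root_group() {
    awk -F= '/^[ \t]*SU_ROOT_GROUP[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Print the members of a group: the explicit member list from the group file
# plus every passwd entry whose primary GID is that group.
# $1 = group file, $2 = passwd file, $3 = group name
group_members() {
    gid=$(awk -F: -v g="$3" '$1 == g { print $3; exit }' "$1")
    [ -n "$gid" ] || return 0
    {
        awk -F: -v g="$3" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Full report: one "account reason" line per root-equivalent account.
# $1 = passwd file, $2 = security file, $3 = group file
root_equivalent_report() {
    list_uid0 "$1" | sed 's/$/ uid0/'
    grp=$(su_root_group "$2")
    if [ -n "$grp" ]; then
        group_members "$3" "$1" "$grp" | sed "s/\$/ member-of-$grp/"
    else
        echo "# SU_ROOT_GROUP not enforced: any account may attempt su to root"
    fi
}

# --- constructed sample input (not real system files) ---
audit_dir=${TMPDIR:-/tmp}/rootaudit.$$
mkdir -p "$audit_dir"
trap 'rm -rf "$audit_dir"' EXIT

cat > "$audit_dir/passwd" <<'EOF'
root:x:0:3::/:/sbin/sh
toor:x:0:3::/:/sbin/sh
daemon:x:1:5::/:/sbin/sh
alice:x:101:20::/home/alice:/usr/bin/sh
bob:x:102:20::/home/bob:/usr/bin/sh
carol:x:103:10::/home/carol:/usr/bin/sh
dave:x:104:20::/home/dave:/usr/bin/sh
EOF

cat > "$audit_dir/group" <<'EOF'
root::0:
sys::3:
wheel::10:alice,bob
users::20:
EOF

cat > "$audit_dir/security" <<'EOF'
# Users attempting to su to root must be a member
# of this group
# SU_ROOT_GROUP=wheel
SU_ROOT_GROUP=wheel
EOF

root_equivalent_report "$audit_dir/passwd" "$audit_dir/security" "$audit_dir/group"
```

The sample deliberately contains a second UID-0 login (toor) and a user (carol) who is in wheel only through her primary GID, since both are easy to miss when eyeballing /etc/group. When SU_ROOT_GROUP is commented out, the report says so instead of listing members, because in that case the group tells you nothing about who can reach root. To cover the original poster's "which machine" requirement, run the same report on each host and prefix the output with `hostname`.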
Pete Randall
Outstanding Contributor

Re: Root user list

Basically, it comes down to this: as the administrator, you should know who you have given the root password to. If you don't, then it is time to start asking each of your 1000+ users if they know the root password. Oh yeah, don't forget to hope that these 1000+ users are all honest and won't lie.

I would suggest changing the root password to a completely random, very secure one, and then seeing who comes and asks for the new password. Anyone who does not ask, does not know it.


Pete
Doug O'Leary
Honored Contributor

Re: Root user list

Hey;

If there is any doubt whatsoever, change the root password and monitor syslog to see who's attempting root access:

grep su: /var/adm/syslog/syslog.log | tail -4

Apr 6 16:02:30 myhost su: + ta root-myuser
Apr 7 08:43:19 myhost su: + 1 myuser-root
Apr 7 08:43:28 myhost su: + 1 myuser-oraf1x
Apr 7 22:20:15 myhost su: + 2 myuser-root

If I don't think ${myuser} should have access to root, I would be very concerned at those messages.

That type of monitoring just begs to be automated. You can easily generate a script to report who's attempting access, and who succeeded.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
James R. Ferguson
Acclaimed Contributor

Re: Root user list

Hi:

With regard to examining the '/var/adm/sulog' for activity, be aware that on most systems the '/sbin/init.d/clean_adm' script will move the 'sulog' to 'OLDsulog' following a reboot. You can disarm this by appropriately editing the '/etc/rc.config.d/clean' file.

Regards!

...JRF...
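Doug's grep of syslog and James's note about sulog rotation both point at the same job: turn the raw su records into a per-user picture of who reached root. The added example below (not code from any of the posters) does that for both record formats, the syslog "su: + tty from-to" lines Doug shows and the "SU date time + tty from-to" lines in /var/adm/sulog, and accepts several files at once so OLDsulog can be read alongside the current log after a reboot. The log lines are constructed, the allow list is an assumption of the example, and the function names are its own.

```shell
#!/bin/sh
# Added example, not from the thread: summarise who has been switching to
# root from HP-UX su records (the monitoring Doug describes), reading
# /var/adm/sulog together with the OLDsulog that clean_adm leaves after a
# reboot (James's point) so a reboot does not hide earlier activity.
# Two record formats are handled:
#   syslog:  Apr  7 08:43:19 myhost su: + 1 admin1-root
#   sulog:   SU 04/07 08:43 + 1 admin1-root
# In both the last field is "from-to" and the field two before it is "+"
# for a successful su and "-" for a failed one. All log lines below are
# constructed samples.

# Print "user ok=N fail=M" for every account that tried to su to root,
# counting across all files given as arguments.
su_root_summary() {
    awk '$1 == "SU" || $5 == "su:" {
        pair = $NF
        n = split(pair, p, "-")
        target = p[n]                               # account switched TO
        from = substr(pair, 1, length(pair) - length(target) - 1)
        if (target != "root") next                  # only su to root matters
        if ($(NF - 2) == "+") ok[from]++; else fail[from]++
        seen[from] = 1
    }
    END {
        for (u in seen) printf "%s ok=%d fail=%d\n", u, ok[u] + 0, fail[u] + 0
    }' "$@" | sort
}

# Print only the accounts NOT on the allow list (a space-separated string of
# logins that are supposed to know the root password).
# $1 = allow list, remaining arguments = log files
unexpected_root_su() {
    allow=" $1 "
    shift
    su_root_summary "$@" | while read -r user rest; do
        case "$allow" in
            *" $user "*) ;;                         # expected, stay quiet
            *) echo "$user $rest" ;;
        esac
    done
}

# --- constructed sample logs (not real records) ---
log_dir=${TMPDIR:-/tmp}/suaudit.$$
mkdir -p "$log_dir"
trap 'rm -rf "$log_dir"' EXIT

cat > "$log_dir/syslog.log" <<'EOF'
Apr  6 16:02:30 myhost su: + ta root-admin1
Apr  7 08:43:19 myhost su: + 1 admin1-root
Apr  7 08:43:28 myhost su: + 1 admin1-oracle
Apr  7 22:20:15 myhost su: + 2 admin1-root
Apr  8 01:12:03 myhost su: - 3 guest-root
Apr  8 01:12:40 myhost su: - 3 guest-root
Apr  8 09:00:00 myhost sshd[1234]: Accepted publickey for alice from 10.0.0.5
EOF

cat > "$log_dir/OLDsulog" <<'EOF'
SU 04/05 11:30 + 0 admin1-root
SU 04/05 11:31 - 1 bob-root
SU 04/05 12:00 + 1 bob-oracle
EOF

echo "== all su-to-root activity =="
su_root_summary "$log_dir/syslog.log" "$log_dir/OLDsulog"
echo "== not on the allow list =="
unexpected_root_su "admin1" "$log_dir/syslog.log" "$log_dir/OLDsulog"
```

Switches away from root (root-admin1) and to non-root accounts (admin1-oracle) are ignored, and the two records for guest show why the failed attempts are worth keeping: after Pete's random-password change, a user who keeps failing is someone who used to know the old one. Run against the real files as `su_root_summary /var/adm/sulog /var/adm/OLDsulog /var/adm/syslog/syslog.log`, and schedule `unexpected_root_su` from cron with the list of people who are meant to have root to get the automated report Doug mentions.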