HPE Community
Operating System - HP-UX
1827289 Members
3297 Online
109717 Solutions
New Discussion

Root user

 
SOLVED
Go to solution
Kevin_107
Regular Advisor

‎02-20-2003 05:01 AM

‎02-20-2003 05:01 AM

Root user

Is there a way of creating a second root user ie. root2 with all the same privileges so it can stop/restart system/application processes when needed ??
He who laughs last.....doesnt get the joke !!
0 Kudos
Reply
8 REPLIES 8
Yogeeraj_1
Honored Contributor

‎02-20-2003 05:08 AM

‎02-20-2003 05:08 AM

Solution

Re: Root user

hi,

modify your UID to be 0

you can either do it when creating the user in SAM

or modify your password file

root:ItDrkovo.KRhs:0:3::/:/sbin/sh
^^

hope this helps!

Regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
Chris Wilshaw
Honored Contributor

‎02-20-2003 05:09 AM

‎02-20-2003 05:09 AM

Re: Root user

useradd -u 0 -o -g sys -m -c "Second Root User" -s /sbin/sh root2

This will create the user with a directory of /home/root2
Reply
Gavin Clarke
Trusted Contributor

‎02-20-2003 05:11 AM

‎02-20-2003 05:11 AM

Re: Root user

Er, yes set UID = 0, you probably don't want to do this though, if you search the forums I'm sure you'll find stuff telling you why it's not a good idea.

For example what happens if you go to delete this other user and delete all the files it owns. All files owned by root will be deleted.
I picked that up from a post on the forum somewhere and it made me think.

Can you not just get what you want from su? Or sudo (again search for this)?
Would I be right in saying you have two admins and they both want to have different passwords?
Reply
James R. Ferguson
Acclaimed Contributor

‎02-20-2003 05:12 AM

‎02-20-2003 05:12 AM

Re: Root user

Hi Kevin:

There are a number of ways to handle situations like this.

> Using "restricted SAM" is one method. See the man pages for 'sam' for more information.

> Using 'sudo' is another (common) choice.

http://hpux.cs.utah.edu/hppd/hpux

> Creating setuid scripts or c-wrappers is sometimes done, but this can be a large security risk.

Regards!

...JRF...
Reply
James R. Ferguson
Acclaimed Contributor

‎02-20-2003 05:15 AM

‎02-20-2003 05:15 AM

Re: Root user

Hi (again) Kevin:

While any account with a uid=0 is a superuser account, *beware* the day you (or your successor) forget that the account named 'kevin' is such an account, and you (or your successor) runs something like:

# find / -type f -user kevin -exec rm {} \;

...the result is that files with uid=0 are removed. Guess which files!!!

Regards!

...JRF...
Reply
Yogeeraj_1
Honored Contributor

‎02-20-2003 05:26 AM

‎02-20-2003 05:26 AM

Re: Root user

hi again,

Yes, Mr. James R. Ferguson is right!

SUDO will be a much better alternative to consider.

Best Regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Colin Topliss
Esteemed Contributor

‎02-20-2003 05:40 AM

‎02-20-2003 05:40 AM

Re: Root user

Watch out if you use sudo though. There are a number of security issues that can arise around this if you don't be careful when you configure it(the favourite is gaining a root shell when you really never intended that to happen).
0 Kudos
Reply
W.C. Epperson
Trusted Contributor

‎02-21-2003 07:07 AM

‎02-21-2003 07:07 AM

Re: Root user

Just $.02.

You have good suggestions on how to do this, just some comments on use.

We've used multiple root ids on hp-ux v7-11, SCO Unix, Solaris, AIX, and various Linuxes. Works very nicely on all, and avoids changing every root password on every server every time a sysadmin leaves (the "real" root passwords are escrowed with me by the primary sysadmin for the platform). But we always use a name consisting of initials+root, e.g wceroot, to avoid confusion with one's vanilla ids.
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.