HPE Community
Operating System - HP-UX
1835228 Members
7812 Online
110078 Solutions
New Discussion

Superuser

 
Patrick Donahue_1
Occasional Contributor

‎04-18-2002 09:06 AM

‎04-18-2002 09:06 AM

Superuser

Hello -
On one of our HPOV UNIX boxes, it seems as if everyone lost their superuser priviledge. Does anyone know who to get this back? Thanks!
0 Kudos
Reply
10 REPLIES 10
Robert Gamble
Respected Contributor

‎04-18-2002 09:09 AM

‎04-18-2002 09:09 AM

Re: Superuser

How do you normally get 'superuser' access ?

su ? if so, has root passwd changed ?
0 Kudos
Reply
pap
Respected Contributor

‎04-18-2002 09:11 AM

‎04-18-2002 09:11 AM

Re: Superuser

If you have created so many superusers in your system from unix point of view, then it is very simple to restore the changes.

you can do following.

1. Identify which users needs superuser access.
2. replace the UID of the person in /etc/passwd file by 0. (0 is the super user ID)
3. REplace group ID with 3

You are all set now.

-pap
"Winners don't do different things , they do things differently"
0 Kudos
Reply
Domenico_5
Respected Contributor

‎04-18-2002 09:11 AM

‎04-18-2002 09:11 AM

Re: Superuser

hi patrik

control in /etc/passwd you must have 3 in foruth columns

if you can't write passwd because you don't have the privilege, you must boot in single user

regards
0 Kudos
Reply
Patrick Donahue_1
Occasional Contributor

‎04-18-2002 09:14 AM

‎04-18-2002 09:14 AM

Re: Superuser

Mercy....talk about getting a response! Thanks all

Pap - I like your answer and will find someone who has a clue about UNIX to give it a try. Thanks!
0 Kudos
Reply
pap
Respected Contributor

‎04-18-2002 09:29 AM

‎04-18-2002 09:29 AM

Re: Superuser

Thanks buddy,

I am glad that you like my answer.
Thanks again.

-pap
"Winners don't do different things , they do things differently"
0 Kudos
Reply
Ike Norton
New Member

‎04-18-2002 09:30 AM

‎04-18-2002 09:30 AM

Re: Superuser

Patrick, It is not recommended to make any user a default superuser except root. Typically administrators do not run as superuser unless necessary. Superuser accounts can do serious damage to a system if they are not knowledgeable and extemely careful.

Regards,
Ike
0 Kudos
Reply
Patrick Donahue_1
Occasional Contributor

‎04-18-2002 09:33 AM

‎04-18-2002 09:33 AM

Re: Superuser

Ike -
We are aware SU account can do serious damage, but at this time we can't even stop netmon. We have a stale host file that we need to fix.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎04-18-2002 09:36 AM

‎04-18-2002 09:36 AM

Re: Superuser

Patrick,

A final thought, the reason they may have "lost" superuser access is simply because they have it. When "regular" users have that level access & are not familiar with UNIX, bad things can happen.
Users w/little UNIX knowledge can completely erase filesystems & even ALL files on the server itself.

I would strongly suggest you find out just exactly how users were obtaining root level permissions - I suspect they were using the su - root command to become root after logging in with their own ID.
This is the preferred way to do it & users should only be allowed to do so if it's absolutely necessary.

If you set everyone's ID to 0 then they will ALWAYS be root & will be able to do bad things the ENTIRE time they are logged on.

More likely cause is the possibility that a user, while root, changed the root PW & this can be easily reset. Or another possibilty is that the passwd file has been corrupted or even erased.
These causes should be investigated before you set users' ID to 0.

And more fundamentally the reason WHY users NEED to be root in the first place should be evaluated - there are loads of alternatives than letting everyone have keys to the store.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Patrick Donahue_1
Occasional Contributor

‎04-18-2002 09:40 AM

‎04-18-2002 09:40 AM

Re: Superuser

Thanks Jeff -
Those are all good points. If people keep responding to my issue, I might run out of points.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎04-18-2002 10:01 AM

‎04-18-2002 10:01 AM

Re: Superuser

Patrick,

Ok now lets attack the problem.
I'm assuming the root PW is not being accepted
Check the date on the /etc/passwd file - is it very recent? This indicates that the passwd file has been changed recently & possibly when the root PW was changed.
If so inquire if any user AT THIS TIME is logged in AND the root user.
You can determine if they're root with the whoami command
If so run the passwd command on this session & set a PW - this will be the new root PW - alternative is to set it BACK to the known PW.

If the /etc/passwd file date is old, old enough that you know people had access, then display it with
more /etc/passwd
The file is a 7 field, colon delimited, file. The 2nd field is the encrypted PW field. Are there multiple chars in the 2nd field for the root user? If there's none then root currently has NO password & root can be accessed simply by entering w/o input on the PW request.
Is there an asterisk in the field. Then login has been disabled for the root user & the system will have to be taken down & brought up in single-user to set a PW for root.
If there are mult chars in the field, then root does have a PW & if it can't be determined then you'll have to do the same as if login denied.
Also check to see if the file is corrupted. i.e. "mangled", incomplete lines, strange chars, etc. There is a command, pwck, that will check the passwd file integrity - but I believe you have to be root to run it.
If the file IS corrupt OR missing AND you have a recent backup you could restore the /etc/passwd file from it to recover acccess.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.