Re: User with Admin Rights

Suriya Prakash · ‎11-21-2010

Hi,

I want to create a user with admin rights.
I dont want to use root for all the cases.
I need a user with all admin rights.
The user can able start and stop the application, start and stop the oracle packages, shutdown or restart the server, etc..
pls guide me....

Thanks,
Suriya

Jayakrishnan G Naik · ‎11-21-2010

Hi Suriya,

You can do this by creating another user with uid 0.

There is an option "-o" for creating users with non unique user ids

useradd
-o Allow the UID to be non-unique (that is, a duplicate).

Hope this helps.... if helpful give appropriate points.

Thanks & Regards
Jayakrishnan G Naik

Suriya Prakash · ‎11-21-2010

Hi,

Thanks for the reply.

If i create the user with the id 0.

what about the root user with id 0.

and tell me the full command to create the user with admin rights bcoz i'm new to unix.

Thanks,
Suriya.

Jayakrishnan G Naik · ‎11-21-2010

Hi Suriya,

# useradd -u 0 -o -g (group id) -d /home/user -m -s /bin/sh username

-u uid
-g gid
-d home directory
-m create the home directory for the new login
-s login shell

set the values for "(group id), /home/user , /bin/sh , username " etc depending on your need and environment.

>>New to unix
Manpages for the commands are always useful, and you can develop a habit to read manpages which can solve many doubts.

Thanks & Regards
Jayakrishnan G Naik

Suriya Prakash · ‎11-21-2010

Thanks Jayakrishnan,

If i create the user with uid 0.

the root user will take which uid.

Thanks,
Suriya.

Jayakrishnan G Naik · ‎11-21-2010

Hi Suriya,

root user always use uid 0 and the -o option allows you to use duplicate uid
for another user. It means you can create multiple users with same uid.

Please read my first reply which clearly tells what more on the option
" -o"

Please assign appropriate points to the replies.

Thanks & Regards
Jayakrishnan G Naik

Suriya Prakash · ‎11-21-2010

Thanks Jayakrishnan.

Dennis Handly · ‎11-22-2010

Instead of two superusers, you may want to look into sudo or RBAC that allow other users to do a carefully tailored list of root tasks.

Suriya Prakash · ‎11-22-2010

Hi,

I try the two super user option, it was not working. its not able to process even the swlist command. Pls tell me to configure sudo or RBAC which one is better.

Thanks,
Suriya.

Dennis Handly · ‎11-22-2010

>I try the two super user option, it was not working.

This can't fail if you set it up correctly. If not trusted, vipw(1m) can do it. What does id(1) show?

>tell me to configure sudo or RBAC which one is better.

You need to download both, one form the porting center and one from HP.
You can search for more threads on the two:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=805956
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1238372

Suriya Prakash · ‎11-22-2010

Hi,

I create the user like this

# useradd -u 0 -o -m -s /bin/sh admin

but its not working, unable to list the softwares using swlist, its not process the cmviewcl command.
Is there is any mistake in the above command.
Pls inform me.

check the below result of cat /etc/passwd for the user admin.
admin:UAXJtsEWLA5uw:0:20::/home/admin:/sbin/sh

Unable to delete the user account, check the below result.

# userdel -r admin
Login admin is currently in use
#

Thanks,
Suriya.

Pete Randall · ‎11-22-2010

As specified, your command will add a user with uid 0, but no default group and no password. At the very least, you need to specify the group to be sys and supply a password.

Pete

Pete

Ismail Azad · ‎11-22-2010

Suriya,

If the admin account is already created, then you cannot use useradd and besides the command in your query says /bin/sh rather than /sbin/sh
.

Anyways, answer to your question "login currently in use"

This means you have not exited from the session gracefully and the session is still running. Execute the following commands to delete the user.

ps -ef | grep -i admin
kill -9
and then userdel...

This will remove the account!!. Do assign points if it is helpful.

Read, read and read... Then read again until you read "between the lines".....

Dennis Handly · ‎11-22-2010

>unable to list the software using swlist,

What does "id" show? Did you try logging in again?

># userdel -r admin
>Login admin is currently in use

As admin logged on? If not, that's why you don't add duplicate users. You'll need to use vipw(1m) to remove.

>Pete: As specified, your command will add a user with uid 0, but no default group and no password.

The passwd entry seems to have those.

Pete Randall · ‎11-22-2010

Dennis,

You're right. I didn't see that. However, the group is 20 and I think it ought to be 3 and, like you, I would really like to see the output of the "id" command.

Pete

Pete

Suriya Prakash · ‎11-22-2010

Hi,

How to specify the group and passwd.
which group should i specify.
pls reply with example.

Thanks,
Suriya.

Jayakrishnan G Naik · ‎11-22-2010

Hi suriya,

Is your system a trusted system?
you can check this by searching a directory named /tcb in root. If there is a directory like that it means system is trusted.

As mentioned by Handly you need to use vipw to modify passwd file if the system is trusted.

># userdel -r admin
>Login admin is currently in use
Have you logged in with user "admin"? either by su or by normal login?if you are logged in you cannot remove the logged in user.

If the system is not trusted you try to modify the user group details with usermod. Use the same group as root. Set proper password. and then try logging in. It worked for me when ever used.

usermod -g 0 admin
-g group
An existing group's integer ID or character-string name. It redefines the user's primary group membership. This option is ignored if the login is administered by the Network Information Service (NIS).

Regards
Jayakrishnan G Naik

Jayakrishnan G Naik · ‎11-22-2010

Hi Suriya
The following command helps to change the password and you can set a new passwd with this command

#passwd admin

Regards
Jayakrishnan G Naik

Dennis Handly · ‎11-22-2010

>Jayakrishnan: As mentioned by Handly you need to use vipw to modify passwd file if the system is trusted.

Actually I was saying the opposite. If it isn't trusted, you can use vipw to just copy entries and passwords.

>if you are logged in you cannot remove the logged in user.

For 11.31 there is -F and vipw(1m) doesn't care.

Jayakrishnan G Naik · ‎11-22-2010

Ok Handly,

Thanks for the correction & Sorry for the confusion.

Suriya,

If the system is not trusted (/tcb dont exist)then go ahead with changing the group to 0 and setting a passwd. Do this with your original root login.

usermod -g 0 admin
passwd admin

connect to the system using another session and try logging in with admin. see if there are any errors. see whether you have all privileges.

Hope you are using duplicate root as there is no other alternative. This is actually a
security flaw.

Regards
Jayakrishnan G Naik

Suriya Prakash · ‎11-22-2010

Hi,

See the below result.

I logged in as root

# usermod -g 0 admin
Login admin is currently in use

There is no file called /tcb in root.

so its not a trusted system.

#ps -ef | grep -i admin
the above command writen nothing.

Jayakrishnan G Naik · ‎11-22-2010

Hi Suriya,

You are root now. you changed the group.
have you set the passwd for admin?
if done, have you logged in with admin and its password?

Login and try first. Now try some admin commands.

Regards
Jayakrishnan G Naik

Dennis Handly · ‎11-22-2010

>I logged in as root
># usermod -g 0 admin
>Login admin is currently in use
>#ps -ef | grep -i admin
>the above command writes nothing.

You'll have to use the -F option or use vipw(1m).

Jayakrishnan G Naik · ‎11-22-2010

Hi Suriya

When you are logged in with admin, what does the following command outputs show?

#who
#w
#id

Regards
Jayakrishnan G Naik

Suriya Prakash · ‎11-22-2010

Dear All,

First tell me how to delete the user account admin.
i set the password.
i'm getting the error while trying to delete the user. "Login admin is currently in use".

Thanks,
Suriya

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: User with Admin Rights

User with Admin Rights