Operating System - HP-UX

Re: What root-equivalent ID cannot do?

 
Yap Yen Nee
Contributor

What root-equivalent ID cannot do?

I am using HP-UX 11i here. Just wondering what the original Unix root ID can do which cannot be done by the root-equivalent ID that we create?
Naveej.K.A
Honored Contributor

Re: What root-equivalent ID cannot do?

hi,

root userid is zero.....

All users with UID zero are root equivalent, meaning if you create a user with UID 0, his username is not "root" but he has all the capabilities of the root user...

with best wishes
naveej
practice makes a man perfect!!!
Joseph Loo
Honored Contributor

Re: What root-equivalent ID cannot do?

hi,

The root UID is 0 and anyone who has the same UID will have the same privilege as root. However, under normal circumstances and due to security reasons, there should only be one user holding on to this UID.

regards.
what you do not see does not mean you should not believe
Bharat Katkar
Honored Contributor

Re: What root-equivalent ID cannot do?

Agree with the replies above. But the thing is, using UID zero for users other than root is a serious security threat to the system.
I would suggest you use SAMBUILDER instead to give a subset of the privileges of root to different users.

see man sam
-r option will run the sam in sambuilder mode.

Hope that helps.
Regards,
You need to know a lot to actually know how little you know
Jose Mosquera
Honored Contributor

Re: What root-equivalent ID cannot do?

Hi,

If you have cloned the root user with the same UID and GID, no restrictions will be applied to the clone. Be careful with this practice because it is a security fault.

Please consider using HP's certified third-party software like "sudo".

You can download this software from:
http://hpux.connect.org.uk/

Rgds.
Anupam Anshu_1
Valued Contributor

Re: What root-equivalent ID cannot do?

Any user who has UID and GID values set to 0 will have all the privileges of root. These users can do anything they want on the system.

Regards,

Anshu

Mark Grant
Honored Contributor

Re: What root-equivalent ID cannot do?

Do you mean the difference between having an EUID of 0 and having a UID of 0?

If so, generally speaking they are the same but some utilities look specifically at the UID and ignore the EUID. I don't think there are too many of them though.

If you mean two accounts having a UID of 0 but one not actually called root, then the only difference would be if the non "root" user appears first in /etc/passwd and some dodgy script does something like [ $LOGNAME = "root" ] && { blah blah } because then, the non "root" account would not pass the test.
Never precede any demonstration with anything more predictive than "watch this"
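
Added example, not part of the thread or of any poster's code: a POSIX shell audit of a passwd-format file that lists every UID 0 account, reports which name comes first in the file, and tests privilege by UID instead of by name. The function names, the account names "opsadmin" and "alice", and the sample file are constructed for illustration; the first-entry lookup assumes a flat passwd file read in order.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for UID 0 ("root-equivalent") accounts.

# List every account whose UID field is numerically 0, in file order.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Name that a UID-to-name lookup of 0 resolves to: the first UID 0 entry in the file.
uid0_first_name() {
    uid0_accounts "$1" | head -n 1
}

# Number of UID 0 accounts that are not called "root".
uid0_extra_count() {
    uid0_accounts "$1" | awk '$0 != "root" { n++ } END { print n + 0 }'
}

# Succeeds when the named account has UID 0, whatever it is called.
# A comparison of the name against "root" cannot answer this question.
has_uid0() {
    awk -F: -v name="$2" '$1 == name && $3 ~ /^0+$/ { hit = 1 } END { exit !hit }' "$1"
}

# Constructed sample data (not taken from any real system).
write_sample_passwd() {
    cat > "$1" <<'EOF'
opsadmin:*:0:3:Constructed clone account:/home/opsadmin:/sbin/sh
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
alice:*:101:20:Constructed user:/home/alice:/usr/bin/sh
EOF
}

SAMPLE="${TMPDIR:-/tmp}/passwd.sample.$$"
write_sample_passwd "$SAMPLE"
echo "UID 0 accounts: $(uid0_accounts "$SAMPLE" | tr '\n' ' ')"
echo "UID 0 resolves to: $(uid0_first_name "$SAMPLE")"
echo "Non-root UID 0 accounts: $(uid0_extra_count "$SAMPLE")"
has_uid0 "$SAMPLE" opsadmin && echo "opsadmin is root-equivalent"
rm -f "$SAMPLE"
```

Pointing the functions at the real /etc/passwd gives the audit result for a live system; any non-zero count from uid0_extra_count is worth reviewing.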
dirk dierickx
Honored Contributor

Re: What root-equivalent ID cannot do?

no difference, but i don't see any reason for creating just another 'root' user except if you want a less secure system.
there is already one root, why would you want another, ask yourself that question first.
Anupam Anshu_1
Valued Contributor

Re: What root-equivalent ID cannot do?

Hi Dirk,

If auditing is on, then it can be found which root user made what change. Hence there can be a use for root with different usernames when you want to trace back who modified what as a root user.

For this you need to turn on auditing (see manpage, man 4 audit).

Regards,

Anshu