HPE Community
Operating System - Tru64 Unix
1829330 Members
2518 Online
109989 Solutions
New Discussion

Separate root logon for HP Support.

 
Khalil Ahmed
Frequent Advisor

‎06-09-2003 05:07 AM

‎06-09-2003 05:07 AM

Separate root logon for HP Support.

This is a simple one for you Unix gurus out there. We have recently been audited and one of the audit recommendations is for us to create a separate login for HP Support when they need to jump on to our box. Now we normally let HP login as user ???root???, so should I simply create another user ???hp_root??? (say) with the same settings as the user ???root??? ie UID 0 and Primary Group sys???? or should I be doing something else???? any thoughts on this out there.

Regards

Khalil

0 Kudos
2 REPLIES 2
ShyGuy
Advisor

‎06-09-2003 07:52 AM

‎06-09-2003 07:52 AM

Re: Separate root logon for HP Support.

Hi Khalil,

this is the VMS forum not a unix forum so you might have better luck getting a good answer if you post in one of the hp-ux, linux or Tru64 Unix forums.

Having said that my suggestion (from a security perspective) would be that you should not allow the use of non-personal users "root" or otherwise on the system.. Allowing login via a common user such as root makes it impossible to know who did what and knowing that can be very vital to security...

/ShyGuy

Isn't every computer a Digital computer?
0 Kudos
Ralf Puchner
Honored Contributor

‎06-10-2003 01:17 AM

‎06-10-2003 01:17 AM

Re: Separate root logon for HP Support.

hp_root is too simple. Create a new account name with unprivileged rights and add the user to the system group (so su leads to the rights).

Disable root login from the network, it is much saver and you can easier audit what people uses the "su" command.

Help() { FirstReadManual(urgently); Go_to_it;; }
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.