Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SU password
- Thread starter soma1958
- Start date
marvin51796
MIS
The best way is to follow these steps.
1)Reboot
2)Interrupt boot process
3)Type "bo pri asl"
4)Then at the ISL> prompt, type "hpux -is"
5)When booted in single user mode change password with the "passwd" cmd.
6)After that just type "reboot" and let it boot up normally.
Hope this helps
1)Reboot
2)Interrupt boot process
3)Type "bo pri asl"
4)Then at the ISL> prompt, type "hpux -is"
5)When booted in single user mode change password with the "passwd" cmd.
6)After that just type "reboot" and let it boot up normally.
Hope this helps
soma1958 are you wanting to pass it in a script or are you trying to by-pass the su password? If you want to pass it, then what command are you trying to run as root through a script, there may be an easier way than hardcoding the root password.
-B
birbone@earthlink.net
-B
birbone@earthlink.net
- Thread starter
- #4
I wrote a script that su to another user and execute a program.
the script has suid for root. But it always ask for the su passwd when I run it as another user rather than root. I want to by pass the password is there a way?
The command in the script is su - soma -c /xy/xb/jk
the script has suid for root. But it always ask for the su passwd when I run it as another user rather than root. I want to by pass the password is there a way?
The command in the script is su - soma -c /xy/xb/jk
soma1958 I strongly advise you against putting the root passwd into a script. In addition to the obvious security risk, you will also have to update your script every time the root's passwd is updated.
If the script can be ran on specific intervals instead of manually, a solution would be to add it to the cron. Then it would not need to su to a different id to run the program. If the script has to wait for a specific file, you could put a check statement into the script so if the file is not there the script aborts.
If it has to be ran manually and you want a non-root user to be able to run it, a solution may be to change the file permissions to include the non-root user. This way you could allow them permission to run the called program but not read or edit the program.
Will either of these solutions work for you?
-B
birbone@earthlink.net
If the script can be ran on specific intervals instead of manually, a solution would be to add it to the cron. Then it would not need to su to a different id to run the program. If the script has to wait for a specific file, you could put a check statement into the script so if the file is not there the script aborts.
If it has to be ran manually and you want a non-root user to be able to run it, a solution may be to change the file permissions to include the non-root user. This way you could allow them permission to run the called program but not read or edit the program.
Will either of these solutions work for you?
-B
birbone@earthlink.net
Soma, another option is to use SUDO.
SUDO is a root controlled program that can do wonderful things with euid/suid etc.
I was a bit aprehensive until I tried it, now I don't know how I did without it!
If you have trouble grasping the man pages, be sure to look at the sample.sudoers file for help on initial configuration.
search for sudo.
~jdk
Dare to Dream!
SUDO is a root controlled program that can do wonderful things with euid/suid etc.
I was a bit aprehensive until I tried it, now I don't know how I did without it!
If you have trouble grasping the man pages, be sure to look at the sample.sudoers file for help on initial configuration.
search for sudo.
~jdk
Dare to Dream!
- Thread starter
- #7
Thanks for all but let me add somthing
1-I have overcome this by creating a user with 0 userid to run this script to by pass su password request.
2- The user startup program is the the script itself instead of the shell, so when ever he logs in the program runs.
Every thing went fine so far do you have any comments about what i did pertaining to security?
Thanks for all again.
Soma1958
1-I have overcome this by creating a user with 0 userid to run this script to by pass su password request.
2- The user startup program is the the script itself instead of the shell, so when ever he logs in the program runs.
Every thing went fine so far do you have any comments about what i did pertaining to security?
Thanks for all again.
Soma1958
I did something similar for batch testing purposes.
(Our prod batch runs via root cron)
As long as the new "newuser" UID (0) is password protected and the script cannot be modified/replaced by anyone other than those intended, it sounds safe to me!
~jdk
hp-ux sys.admin
Dare to Dream!
(Our prod batch runs via root cron)
As long as the new "newuser" UID (0) is password protected and the script cannot be modified/replaced by anyone other than those intended, it sounds safe to me!
~jdk
hp-ux sys.admin
Dare to Dream!
hi
if the script/program is setuid for root then there's no need to use su in it to change to the root user
Mike
Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884
It's like this; even samurai have teddy bears, and even teddy bears get drunk.
if the script/program is setuid for root then there's no need to use su in it to change to the root user
Mike
Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884
It's like this; even samurai have teddy bears, and even teddy bears get drunk.
- Status
Similar threads
