Re your post#1, in Solaris 11 the root user (superuser) is a 'role' by default and cannot be logged into directly, only su'd to.
This is, of course, for security reasons. However, if you so choose, you can revert user 'root' to a standard user account by issuing:#
Code:
# rolemod -K type=normal root
having previously su'd to gain superuser rights. After that, subject to setting/knowing the root user password you can log directly in as root giving you immediate superuser rights without the need to su.
Another option would be to start your system in single user which brings it up in superuser but without multiuser services such as networking. However, you could soon script yourself something to start the services you require, mount filesystems, and other things whilst you are still in single user. It just depends on whether one single user (from the console) will serve your purpose. Perhaps provide us all with more information so that we can be more specific.
Code:
kevin@OptiPlex-2:~$ rolemod -K type=normal root
rolemod: command not found
kevin@OptiPlex-2:~$
"start your system in single user" This sounds great, how do you do that? Are you using Solaris?
Moderator's Comments:
Please use CODE tags as required by forum rules!
Last edited by RudiC; 09-17-2017 at 06:14 AM..
Reason: Added CODE tags.
how can i change the superuser password?
the admin left the company, and we want to change the password.
to gain su access, i use:
# su -
password:***** (old password)
then, using passwd command it changes my own login password, not the root??
(this is not trying to block anybody's... (4 Replies)
Hi All,
Oracle 8.0 database is running on SCO-UNIXWARE 7.0 Operating system. Some how ORACLLE DATABASE has crashed. After rebooting the PC only the SUPER USER could login. No other user is able to login.
we need ORACLE user to start the DATABASE again.
It is asking for the password, after... (2 Replies)
My first post:
in /etc/rc2.d i have a startup script: Script1.
if you run #>scirpt1 stop/start from any user other than root you will get u must be supper user to run this script. eventhough the rights are 777.
Question: how can i get my user_a be able to run this script to stop and start it... (2 Replies)
hi All,
In my script I want to run some drop and select statements in the same host as a different user.I am inputting password for the superuser from the user who will be executing the script.
ie ,
I would be greatfull to you experts if you could suggest me how to proceed. (4 Replies)
I have a korn shell script (main.sh) owned by unix account "A". I want to execute certain lines in the script using another user "B" (with user "B" login profile). I need to do this way for multiple lines to be executed using different unix accounts in main.sh.
I was trying to use "su -... (3 Replies)
Hi!
Can someone please tell me how to log-in to Solaris as a superuser or as a root?
I have tried using "root" as a username, and my superuser password i had set in the terminal for the log-in password but it says "Roles can only be assumed by authorized users". "Permission denied."
I'm... (1 Reply)
Hello!
I found this on net:
This is the ``prompt''. If you entered you username, or your password incorrectly, you will be greeted by:
Login incorrect
localhost login: Don't panic, try again. Likely you either mis-typed either your login name, or your password. Try again. You're not... (2 Replies)
I'm trying to add a superuser (admin) to plesk from SSH (I have root access). Can this be done? I have search over the web but did not find any solution to my problem. My version is Plesk 9.3 (0 Replies)
Discussion started by: galford
0 Replies
LEARN ABOUT REDHAT
user_attr
user_attr(4) File Formats user_attr(4)NAME
user_attr - extended user attributes database
SYNOPSIS
/etc/user_attr
DESCRIPTION
/etc/user_attr is a local source of extended attributes associated with users and roles. user_attr can be used with other user attribute
sources, including the LDAP people container, the user_attr NIS map, and the user_attr NIS+ table. Programs use the getuserattr(3SECDB)
routines to gain access to this information.
The search order for multiple user_attr sources is specified in the /etc/nsswitch.conf file, as described in the nsswitch.conf(4) man page.
The search order follows that for passwd(4).
Each entry in the user_attr databases consists of a single line with five fields separated by colons (:). Line continuations using the
backslash () character are permitted. Each entry has the form:
user:qualifier:res1:res2:attr
user
The name of the user as specified in the passwd(4) database.
qualifier
Reserved for future use.
res1
Reserved for future use.
res2
Reserved for future use.
attr
An optional list of semicolon-separated (;) key-value pairs that describe the security attributes to apply to the object upon execu-
tion. Zero or more keys may be specified. The following keys are currently interpreted by the system:
auths
Specifies a comma-separated list of authorization names chosen from those names defined in the auth_attr(4) database. Authorization
names may be specified using the asterisk (*) character as a wildcard. For example, solaris.printer.* means all of Sun's printer
authorizations.
profiles
Contains an ordered, comma-separated list of profile names chosen from prof_attr(4). Profiles are enforced by the profile shells,
pfcsh, pfksh, and pfsh. See pfsh(1). A default profile is assigned in /etc/security/policy.conf (see policy.conf(4)). If no pro-
files are assigned, the profile shells do not allow the user to execute any commands.
roles
Can be assigned a comma-separated list of role names from the set of user accounts in this database whose type field indicates the
account is a role. If the roles key value is not specified, the user is not permitted to assume any role.
type
Can be assigned one of these strings: normal, indicating that this account is for a normal user, one who logs in; or role, indicat-
ing that this account is for a role. Roles can only be assumed by a normal user after the user has logged in.
project
Can be assigned a name of one project from the project(4) database to be used as a default project to place the user in at login
time. For more information, see getdefaultproj(3PROJECT).
defaultpriv
The default set of privileges assigned to a user's inheritable set upon login.
limitpriv
The maximum set of privileges a user or any process started by the user, whether through su(1M) or any other means, can obtain. The
system administrator must take extreme care when removing privileges from the limit set. Removing any basic privilege has the abil-
ity of crippling all applications; removing any other privilege can cause many or all applications requiring privileges to malfunc-
tion.
See privileges(5) for a description of privileges. The command ppriv -l (see ppriv(1)) produces a list of all supported privileges.
Note that you specify privileges as they are displayed by ppriv. In privileges(5), privileges are listed in the form PRIV_<privi-
lege_name>. For example, the privilege file_chown, as you would specify it in user_attr, is listed in privileges(5) as
PRIV_FILE_CHOWN.
lock_after_retries
Specifies whether an account is locked after the count of failed logins for a user equals or exceeds the allowed number of retries
as defined by RETRIES in /etc/default/login. Possible values are yes or no. The default is no. Account locking is applicable only
to local accounts.
Except for the type key, the key=value fields in /etc/user_attr can be added using roleadd(1M) and useradd(1M). You can use rolemod(1M) and
usermod(1M) to modify key=value fields in /etc/user_attr. Modification of the type key is restricted as described in rolemod and usermod.
EXAMPLES
Example 1: Assigning a Profile to Root
The following example entry assigns to root the All profile, which allows root to use all commands in the system, and also assigns two
authorizations:
root::::auths=solaris.*,solaris.grant;profiles=All;type=normal
The solaris.* wildcard authorization shown above gives root all the solaris authorizations; and the solaris.grant authorization gives root
the right to grant to others any solaris authorizations that root has. The combination of authorizations enables root to grant to others
all the solaris authorizations. See auth_attr(4) for more about authorizations.
FILES
/etc/nsswitch.conf
See nsswitch.conf(4).
/etc/user_attr
Described here.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO auths(1), pfcsh(1), pfksh(1), pfsh(1), ppriv(1), profiles(1), roles(1), roleadd(1M), rolemod(1M), useradd(1M), usermod(1M), getdefault-
proj(3PROJECT), getuserattr(3SECDB), auth_attr(4), exec_attr(4), nsswitch.conf(4), passwd(4), policy.conf(4), prof_attr(4), project(4),
attributes(5), privileges(5)NOTES
When deciding which authorization source to use, if you are not using LDAP, keep in mind that NIS+ provides stronger authentication than
NIS.
The root user is usually defined in local databases for a number of reasons, including the fact that root needs to be able to log in and do
system maintenance in single-user mode, before the network name service databases are available. For this reason, an entry should exist for
root in the local user_attr file, and the precedence shown in the example nsswitch.conf(4) file entry under EXAMPLES is highly recommended.
Because the list of legal keys is likely to expand, any code that parses this database must be written to ignore unknown key-value pairs
without error. When any new keywords are created, the names should be prefixed with a unique string, such as the company's stock symbol, to
avoid potential naming conflicts.
In the attr field, escape the following symbols with a backslash () if you use them in any value: colon (:), semicolon (;), carriage
return (
), equals (=), or backslash ().
SunOS 5.10 16 Mar 2004 user_attr(4)
09-16-2017
