AIX

Hi
I would like to create another root account, for example root2. I added a new user named root2 and set it's uid and gid ( in /etc/passwd ) to 0. Then I logged in ( account root2 ) and the server asked to change the password, so I changed.

And the problem happend. The password of both root and root2 changed. I had to log in ( root ) by new password, and everytimes I logged in ( root2 ) , the server asked to change password again. That also means I couldn't use account root2.

Someone know to to fix this, please

Thank you

Ok,
So you manually edited the /etc/passwd file.
Lesson no.1 You never do that.

Now, coming to your problem, after you change the password for root2, is it letting you in to the system?

Do you have sudo setup for sysadmin users? if so, login as that user then sudo to root (NOT root2). Edit the /etc/passwd file and remove the entry for root2.
Change the root password and make sure that you have not exceed the defined unsuccessfult_login_count.

If this don't work I can provide you another solution. 1st try this and let us know.

I hope this helps.

Hi,

I suggest not to do that.. you can use rbac(for AIX 6.1), create your roles and assing roles to other users. They have same authotity as root and it's safer thinking in security stuff.
Suppose you create a role myadminrole and assigned to a user israel, so log
1- log on as israel
2- swrole myadminrole
and do what ever you want.
This user can change the root password without any issues.

Hopes this helps

I counldn't log in as root2 because when I loged in as root2, the server always asked to change password, I changed password and then I was disconnected. I loged in 2nd times and the server asked again, and then again ...

I could log in as root normally, but with root2's password

If I remove the entry for root2, account root2 will not exist anymore ???

root2 never really existed at all -- that's kind of the problem. They were never independent the way you wanted and can't be, the UID prevents it. If you remove root2's line from /etc/passwd, it will just be /root again. Ordinarily I would never suggest editing /etc/passwd but you you did so in the first place, creating a situation the usual tools may not be equipped to handle.

Also, since you've changed the UID of root2 to the one of root, it changed the password of 'root' since that was the 'right' uid.
root2 didnt get the password update, since it has another original uid.

To avoid such disasters, i'd suggest to use these tools (as root obviously, and with care):
Read their respective --help output.
Or go GUI either way system-config-users.

Hope this helps

I would suggest not to use these tools, but in fact i do not even have to - they do not exist in AIX systems, only in Linux systems. Please take the forum you are posting to into account.

Same here. AIX tools do not have any options introduced with a double dash "--" and system-config-users simply doesn't exist.

To the problem:

A UNIX system identifies users by their UID, which is a number. When the system displays a user name instead of the number (like "root" instead of "0") it is because it translated the number first using "/etc/passwd" as translating table. Entries there are used from top to bottom. You can easily test this: create two users, "a" and "b" and modify the "/etc/passwd" so that both have the same UID. Now create a file and give the ownership to one of these accounts. Do a ls -l and you will see the first of the two users in "/etc/passwd" as owner. Now edit "/etc/passwd" and make the other entry the first. A ls -l will now show the other user (the one now coming first) as the owner.

If you do not exactly know what to do you should use the mkuser utility to create users, which makes all the necessary entries in "/etc/passwd", "/etc/security/passwd", "/etc/limits", etc.. You can change the UID later for the created account by modifying "/etc/passwd". Notice, though, that the id command and similar tools relying on "/etc/passwd" will identify this account as "root", for reasons stated above.

I hope this helps.

bakunin