From owner-freebsd-questions@FreeBSD.ORG Tue Oct 10 21:32:34 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF4EB16A403 for ; Tue, 10 Oct 2006 21:32:34 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64F7E43D9C for ; Tue, 10 Oct 2006 21:31:46 +0000 (GMT) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id k9ALTdA1005403; Tue, 10 Oct 2006 17:29:39 -0400 (EDT) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id k9ALTdct005402; Tue, 10 Oct 2006 17:29:39 -0400 (EDT) (envelope-from jerrymc) Date: Tue, 10 Oct 2006 17:29:39 -0400 From: Jerry McAllister To: alena eckert Message-ID: <20061010212939.GC5172@gizmo.acns.msu.edu> References: <180722FAFBF7C548AE587D81D0107E6A03826761@flanmbxm1.uaig.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <180722FAFBF7C548AE587D81D0107E6A03826761@flanmbxm1.uaig.net> User-Agent: Mutt/1.4.2.2i Cc: freebsd-questions@freebsd.org Subject: Re: Creating a Super user Account X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2006 21:32:34 -0000 On Tue, Oct 10, 2006 at 01:57:54PM -0400, alena eckert wrote: > Hello, > > > > I work for United Automobile Insurance Group. We recently had our only > employee with a super user account leave the company. No here knows > this employees id or password to update information. Can you please > advise how we can create new accounts and give someone a super user > account without this information? Look up information on booting in to "single user" mode. When you do this, you are effectively in root at the console with no network services or extra stuff running. Then, you merely need to: make sure the filesystems are clean - fsck(8) remount root with reae/write permission - mount(8) mount other filesystems you might need - mount(8) might as well turn on swap space - swapon(8) eg. fsck -p mount -u / mount -a swapon -a At this point you can use vipw(8) to add an account and passwd(1) to set or change passwords. vipw is a special version of the 'vi' editor that handles the passwd file. It takes care of locks, and updating the master passwd file and the password database so you don't have to do anything with them by hand. The editing rules in vipw are the same as in regular vi. The ideal thing is to copy the line with the root account on it and then dup it. Change the id name field and possible the home directory if you want to keep them separate. Then once you get out of vipw with a 'ESC : w q' (no spaces, I just put them there to be clear) which cause the changes to be written to the file, you then need to run passwd to set a password on the new account. passwd newid follow the prompts. Then, edit the /etc/group file and put your regular non-root id in the wheel group - just add it on the end of the list if any with a comma separating it from previous ones. Then, reboot. shutdown -r now log in as your regular id - that you just added to wheel group. then su to the new root id to do root work. su newid then give the newid password when it asks. When you get done with the work, leave the root account by typing exit at a system shell prompt This is better and a small amount more secure than setting a password on the regular root account. But, you can just put a password on the root account and su to it - just do the su without an id on the line. ////jerry > > Thank you in advance, > > Alena > > (305) 940-7299 ext. 2422 >