BAD HZ VALUE (Multiple UID=0 Accounts)

[Jeff Liebermann]

chip at chinacat.Unicom.COM (Chip Rosenthal) writes:

>>I don't like this solution.  Does anyone have a better idea?

>Sure.  Create another user login, say `rootx', which is an exact duplicate
>of `root', except you use `/bin/csh' as the login shell.
>WHOOOPS!!!  Oh...you said SCO.  Never mind.  SCO has decided for you that
>you wouldn't want to create two accounts with the same UID.
>Fuck relaxed mode.  Please give me an off switch.

Relax.  It can be done (manually)
I have 2 root level logins:
	root    (the original stock incantation)
	rootksh (root permissions under the Korn Shell)

To do this:
1.  Create an ORDINARY bourne shell user called rootksh using
the sysadmsh menus.  Any UID and any GID.  These will be edited
later.

2.  Edit /etc/passwd to something like this:
	root:*:0:1:Superuser:/:
	rootksh:*:0:1:Superuser:/u/rootksh:/bin/ksh
You don't need to edit /etc/group.
Be sure NOT to leave any blank lines in /etc/passwd or C2
will complain bitterly.

3.  Now manually overwrite the tcb stuff with the real "root".
	cp /tcb/files/auth/r/root  /tcb/files/auth/r/rootksh
	chmod 660  /tcb/files/auth/r/rootksh
	chown root /tcb/files/auth/r/rootksh
	chgrp root /tcb/files/auth/r/rootksh
and edit the result changing u_name to rootksh.
Mine looks like this now:

rootksh:u_name=rootksh:u_id#0:\
	:u_pwd=sOBiCSbdYPUMs:\
	:u_type=root:u_owner=root:u_cmdpriv=audit,auth,su,backup,queryspace,cron,lp,printqueue,printerstat,mem,sysadmin,terminal,uucp:\
	:u_syspriv=suspendaudit,configaudit,writeaudit,execsuid,nopromain,chmodsugid,chown:\
	:u_minchg#0:u_exp#0:u_life#0:u_succhg#635564084:\
	:u_pickpw:u_genpwd:u_restrict@:u_suclog#665638924:\
	:u_suctty=tty02:u_unsuclog#665232858:u_unsuctty=tty02:u_maxtries#0:\
	:u_lock@:chkent:

Note that the u_pwd field is copied from root and is exactly
the same as the one for root.  The catch is that if you
change the root password, you MUST manually edit the one for
rootksh as the command: passwd rootksh   does NOT work.

4.  Now attack the subsystem database:
	cd /etc/auth/subsystems
You will find 9 configuration files that have the authorizations
for "root" in them.  Duplicate the line for root changing
the "root" to "rootksh" in each of the 9.  You do not need to
change dflt_users.  For example, my /etc/auth/subsystems/cron
file looks like this:
	root:cron
	rootksh:cron
	jeffl:cron
	(rest deleted)

5.  Now check if everything is correct with:
	/tcb/bin/authck -a
If it complains, fix it.

6.  The only other tricks are getting $HOME and $LOGNAME
correct.  I do this in the .profile file.
	export HOME=/
	export LOGNAME=root
	export MAIL=/usr/spool/mail/root
These overwrite the defaults set in -ksh and /etc/profile.

If you use ksh and 3.2.2, job control will hang any script that
writes to stdout from the background.  To eliminate this add:
	set +m
in your .profile.  End of problem and end of job control.

Another trick is to add to your  /etc/default/login  file:
	OVERRIDE=tty01
This prevents C2 from locking you out of your own machine.

I've been using these tweaks in 3.2.0 and 3.2.2 without difficulty.
I have NOT tried this under csh because ksh is so superior.

Disclaimer: Not connected with or authorized by SCO in any way.

-- 
# Jeff Liebermann   Box 272   1540 Jackson Ave     Ben Lomond    CA  95005
# (408)336-2558 voice  (408)429-0483 digital pager  wb6ssy  CIS:73557,2074 
# PC REPAIR & RF DESIGN    uunet!comix!jeffl    ucscc.ucsc.edu!comix!jeffl
# universe!milky_way!solar_system!earth!na!us!uunet!comix!jeffl