Hi, can someone assist with it?
Creating another user w/ the uid of 0 is actually a security violation per many common industry security policies (PCI, CIS, etc.), so before you do that I would consult w/ your security team to see if this is approved.
Putting a user in the root group would probably not do much because a lot of things are secured by user owner and your uid for blade1 does not match. I’m not sure why the mapping to blade didn’t work – I would assume it’s because we expect there to be only a single account per uid.
If you are going to create a separate account w/ the same uid/gid as root, why can’t you just map to root? This seems kind of pointless.
We are a little confused regarding root equivalent, because the customer would like to work with another account and not map to root.
Did we miss anything?
I don’t understand the point here – you want to create a root equivalent account that has the same uid as root but cannot map to the actual root account. What is the point of that? Why can you not map to the named root account?
We can map to root, but we would like to understand why inside the BBSA docs we found that we can create a root equivalent account?
What do other customers usually do? Map directly to root?
Where inside the bsa did you find you can create a root equivalent account?
Most customers map to root.
I don’t think that’s what erezfr is talking about – he’s trying to create an OS level account that can do everything root can, but is not named ‘root’ and then map to this user via bsa. As I mentioned, the only way to create an OS level account like this is to create an acct w/ the uid of 0. But this is typically a security violation in most OS security policies I’ve seen and some OS vendors might not support this. The bottom line is that you should map to root and if you need to limit access, do that w/ RBAC so the BSA users can only perform the actions you want them to.
I added the xref to the other thread simply for the sake of completeness because the last two questions in this thread were about the use of the root equivalency account and the other thread contains a discussion about it and a link to the documentation where it is referenced.
To avoid confusion between root equivalency and the actual original question raised here, I have linked your response as a correct answer.
Hope this is OK.