https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428113#M2047 We have several SA's in our shop that have been configured on a variety of machines with sudo root access. This allows everyone to have a profile they like, etc. The problem comes in when any of these SA's logon via CDE. They can login just fine with their sudo access, but if the screen saver activates, they need the actual root password to get back in. Part of the idea here is to be able to lockout a particular individual should the need arise without having to immediately change the root password all over the place (there are many trusts setup for root between machines). Is there a way to effectively deal with this CDE screen saver behavior? Disabling the screen saver is not an acceptable alternative either where we have all kinds of people floating around here that we don't ever want to have full root access (particularly operators). Wed, 28 Jun 2000 16:12:39 GMT Tim Malnati 2000-06-28T16:12:39Z https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428113#M2047 We have several SA's in our shop that have been configured on a variety of machines with sudo root access. This allows everyone to have a profile they like, etc. The problem comes in when any of these SA's logon via CDE. They can login just fine with their sudo access, but if the screen saver activates, they need the actual root password to get back in. Part of the idea here is to be able to lockout a particular individual should the need arise without having to immediately change the root password all over the place (there are many trusts setup for root between machines). Is there a way to effectively deal with this CDE screen saver behavior? Disabling the screen saver is not an acceptable alternative either where we have all kinds of people floating around here that we don't ever want to have full root access (particularly operators). Wed, 28 Jun 2000 16:12:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428113#M2047 Tim Malnati 2000-06-28T16:12:39Z https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428114#M2048 Have the SAs do the 'sudo su -' as opposed to login as sudo root.<BR />When the screen locks via the screensaver, the non-root passwd will unlock it. Wed, 28 Jun 2000 16:51:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428114#M2048 Rick Garland 2000-06-28T16:51:22Z https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428115#M2049 I'm unaware of how to achieve what your after under CDE so I'd go with Ricks answer :<BR /><BR />However to actively encourage your users to do this the following info maybe handy ?<BR /><BR />Both dtlogin and vuelogin do not refer to the /etc/securetty file<BR />after checking the login information against the /etc/passwd file.<BR /><BR />To keep root from using the workstation graphics console or xterminal<BR />when vuelogin or dtlogin are running, add the following lines to the<BR />end of either /usr/vue/config/Xstartup (in HP-UX 10.X this would be<BR />/etc/vue/config/Xstartup) or /etc/dt/config/Xstartup (copy over from<BR />/usr/dt/config if the file does not exist in /etc/dt/config) for CDE:<BR /><BR /> if [ $USER = root ] ; then<BR /> exit 1<BR /> fi<BR /><BR />This will terminate the login process if the user is logging in as<BR />root.<BR /><BR />NB if a user logs in the root password will still be able to unclock the screen-lock.<BR /><BR />Hope this helps ? Thu, 29 Jun 2000 08:34:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-screen-saver-password-with-sudo-root-users/m-p/2428115#M2049 Alex Glennie 2000-06-29T08:34:01Z