https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052781#M304764 Hi:<BR /><BR />If restricting access to the root account is your goal, setup the 'SU_ROOT_GROUP' parameter in '/etc/default/security'. See the 'security(4)' manpages.<BR /><BR />Regards!<BR /><BR />...JRF... Thu, 09 Aug 2007 12:31:44 GMT James R. Ferguson 2007-08-09T12:31:44Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052779#M304762 Hi.<BR /><BR />I need to block the "su" command in hpux, so nobody is able to execute it<BR /><BR />Any idea.<BR /><BR />Thks.<BR /> Thu, 09 Aug 2007 12:24:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052779#M304762 Leonardo Preciado 2007-08-09T12:24:23Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052780#M304763 You could "rm" it or, perhaps "mv" it to a different name, known only to you.<BR /><BR /><BR />Pete Thu, 09 Aug 2007 12:28:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052780#M304763 Pete Randall 2007-08-09T12:28:09Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052781#M304764 Hi:<BR /><BR />If restricting access to the root account is your goal, setup the 'SU_ROOT_GROUP' parameter in '/etc/default/security'. See the 'security(4)' manpages.<BR /><BR />Regards!<BR /><BR />...JRF... Thu, 09 Aug 2007 12:31:44 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052781#M304764 James R. Ferguson 2007-08-09T12:31:44Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052782#M304765 Shalom,<BR /><BR />It is also possible to block su access without disabling the command, by modifying the default pam configuration.<BR /><BR />Some links with peripheral <BR /><BR />information:<A href="http://technet2.microsoft.com/windowsserver/en/library/5df736af-382f-4a6e-b2be-e83ff84557171033.mspx" target="_blank">http://technet2.microsoft.com/windowsserver/en/library/5df736af-382f-4a6e-b2be-e83ff84557171033.mspx</A><BR /><BR /><BR /><A href="http://barney.gonzaga.edu/~awithers/integration/" target="_blank">http://barney.gonzaga.edu/~awithers/integration/</A><BR /><BR /><BR />SEP Thu, 09 Aug 2007 12:36:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052782#M304765 Steven E. Protter 2007-08-09T12:36:52Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052783#M304766 Leonardo,<BR /><BR />I like more James suggestions to edit your security file and limit your users to specific group (admins) <BR />SU_ROOT_GROUP=admins<BR /><BR />good luck Thu, 09 Aug 2007 13:08:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052783#M304766 Juan M Leon 2007-08-09T13:08:28Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052784#M304767 Hi<BR /><BR />my OS HP-UX 11.11 haven't archive /etc/default/security<BR /> Thu, 09 Aug 2007 14:07:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052784#M304767 Leonardo Preciado 2007-08-09T14:07:47Z https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052785#M304768 you can create the file although it doesnot exist. Thu, 09 Aug 2007 14:21:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/command-su/m-p/4052785#M304768 Juan M Leon 2007-08-09T14:21:08Z