https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742323#M740591 hi;<BR />you may follow these steps;<BR />1-add a wheel group<BR /><BR /># groupadd wheel<BR /><BR />2-and add which user you wanna allow su - root<BR /><BR />#usermod -G wheel <USERNAME><BR /><BR />3- edit the /etc/default/security<BR /><BR />SU_ROOT_GROUP=wheel<BR /><BR /><BR /><BR /><BR />regards,<BR /><BR />mustafa</USERNAME> Fri, 03 Mar 2006 02:11:10 GMT Mustafa Gulercan 2006-03-03T02:11:10Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742318#M740586 I'm trying to implement a security requirement whereby a non-root user who uses the "su" command will not be prompted to enter root's password so as not to expose root's password to the user but still be able to track the non-root user's usage of the "su" command. I understand that in some Unix OS, this can be accomplished by editing the "/etc/default/su" file and creating a line with the following entry "PROMPT=no". Is this feature available and supported for HP-UX 11.0? If not, is there a way to do this on HP-UX? Thu, 02 Mar 2006 02:36:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742318#M740586 Tan Cheng Chye 2006-03-02T02:36:33Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742319#M740587 Hi,<BR /><BR />An alternative I know is to use sudo for a normal user to achive him doing previledged work. Also on using sudo to do this he will be prompted for his own password rather than root's password.Also this will be very well logged into syslog.log.<BR /><BR />Apart from this giving su permission to users is not advisable as after doing su he can do anything. A better option will be to give previledge to user for only required commands using sudo.<BR /><BR />HTH,<BR />Devender Thu, 02 Mar 2006 02:41:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742319#M740587 Devender Khatana 2006-03-02T02:41:34Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742320#M740588 Hello, <BR /><BR />As far as i know, HP-UX doesn't have /etc/default/su as of Solaris and SCO. For security related features, refer to the /etc/default/security file in the security(4) manual page. <BR /><BR /># man su will also provide you more information. <BR /><BR />-Arun <BR /> Thu, 02 Mar 2006 02:54:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742320#M740588 Arunvijai_4 2006-03-02T02:54:15Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742321#M740589 Thanks for the information. I take it that /etc/default/su is not applicable in HP-UX. <BR /><BR />/etc/default/security only allows one to configure the parameters SU_ROOT_GROUP, SU_DEFAULT_PATH and SU_KEEP_ENV_VARS pertaining to "su", which does not address my requirement. <BR /><BR />Will check out sudo. However, I understand that it's a third party freeware. Is it supported by HP and where can I get a copy for HP-UX 11.0? Thu, 02 Mar 2006 21:30:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742321#M740589 Tan Cheng Chye 2006-03-02T21:30:29Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742322#M740590 Hi, <BR /><BR />sudo is part of Internet Express suite which can be downloaded from, <BR /><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111</A><BR /><BR />Also, from <BR /><BR /><A href="http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/" target="_blank">http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/</A><BR /><BR />Note : This is only for 11.11, not 11.0<BR /><BR />You can compile on your own for 11.0<BR /><BR />-Arun Thu, 02 Mar 2006 23:50:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742322#M740590 Arunvijai_4 2006-03-02T23:50:28Z https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742323#M740591 hi;<BR />you may follow these steps;<BR />1-add a wheel group<BR /><BR /># groupadd wheel<BR /><BR />2-and add which user you wanna allow su - root<BR /><BR />#usermod -G wheel <USERNAME><BR /><BR />3- edit the /etc/default/security<BR /><BR />SU_ROOT_GROUP=wheel<BR /><BR /><BR /><BR /><BR />regards,<BR /><BR />mustafa</USERNAME> Fri, 03 Mar 2006 02:11:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/etc-default-su/m-p/3742323#M740591 Mustafa Gulercan 2006-03-03T02:11:10Z