Though this is off-topic:
I have had REALLY BAD experiences with su in Unix. When you have a lot to do, and certainly in a very stressfull environment, it's easy to forget you did su. With all consequences...In my case, the whole system was blown to pieces, just because of this. and there was no way to find out who did it...
Actually, if we had something like
$ RUN/IMPERSONATION=
....
to run just THAT image under that user's account, that would be sufficient IMHO.
Still wthin this, I double Jan's suggestions.
I would put even more restrictions:
At least "IMPERSONATE" privilege would be required. But additionally, you need GRPPRV to switch to another with your group and SYSPRV to any other - which means typically system-group users.
However, considering "root" in Unix terms equals VMS's "SYSTEM", it should NEVER be allowed to impersonate any account in a group where grp <= MAXSYSGROUP. Why would you: If you could, there is no need to do that, you can login that way!
(With one exception, perhaps: if your groupnumber is <= MAXSYSGROUP, when you have both SYSPRV and GRPPRV. It can be handy - but just that!)
If interactive "su" is implemented, all above applies, but I think it wise that default privileges should be as low as possible. Just enable authorized privilges is needed. Also, there must be a clear warning that you "su"'d, ON ANY PROMPT, which cannot be undone. I don't care in what format!
And PLEASE give it a decent name....
Willem
Willem Grooters
OpenVMS Developer & System Manager
