
Query on su command

Ronny_7
Regular Advisor

Hi,

My customer has an Alpha system running on Tru64 Unix V5.1 with C2 enhanced security.

Currently all the users can su to root and also no password is required.

e.g.
$ id
uid=221(limjud01) gid=15(users)
$ su - root
ualnrk60.au.u1525.unilever.com:/>

The users group id is 15 and they are not in the system group 0.

Any ideas where it has gone wrong?

Thanks and Regards,
Ronny
14 REPLIES
Mobeen_1
Esteemed Contributor

Re: Query on su command

Ronny,
Would you want to implement password? I mean is it that you want the user who is performing an su to root be prompted for password? Please clarify.

regards
Mobeen
Ronny_7
Regular Advisor

Re: Query on su command

Hi Mobeen,

Forgive me for the confusion.

My customer wants to disallow the users to su to root.

However, currently all the users can su to root.

Also when they su to root, they are NOT prompted for password which puzzled the customer.

Hope this is more clear.

Thanks and Regards,
Ronny
Mobeen_1
Esteemed Contributor

Re: Query on su command

Ronny,
In that case I suggest that you edit the /etc/security file and remove the entry for root.

If you are unsure, post your /etc/security file contents here and I will let you know what changes need to be made.

rgds
Mobeen
Ronny_7
Regular Advisor

Re: Query on su command

Hi Mobeen,

Thank you for the reply.

I tried checking my system in office which is running V4.0F with C2, but I could not find this file /etc/security.

Is this file found in V5.1?

Thanks and Regards,
Ronny
Mobeen_1
Esteemed Contributor

Re: Query on su command

Ronny,
There are many ways of disabling su. If you would like to disable su for all the users, you can do that by removing the execute permissions on the su binary.

I would also suggest that you look into sudo, that gives you more flexibility.

rgds
Mobeen
Ronny_7
Regular Advisor

Re: Query on su command

Hi Mobeen,

Please forgive me if my queries are not clear.

From what I know, if the users are not in the system group 0, then the users should get this message when they try to su to root:
"You do not have the permission to su root".

Also if user has the permission to su to root, he should be prompted for password.

For my customer's case, the users are able to su to root and no password is prompted.

e.g.
$ id
uid=221(limjud01) gid=15(users)
$ su - root
ualnrk60.au.u1525.unilever.com:/>

Is there some configuration not done correctly in some way?

Thanks and Regards,
Ronny
Mobeen_1
Esteemed Contributor

Re: Query on su command

Ronny,

It looks to me like this behaviour is being caused by
"the root account having no passwd"

Thus all members of the "system" group obtain root without any password or being prompted for a password.

To rule this out, can you please verify if your root has a password or if you can 'su' from any non-system user to root without password?

rgds
Mobeen
Mobeen_1
Esteemed Contributor

Re: Query on su command

Ronny,
Were you able to do it? Sorry, I was unable to log in for the past couple of days due to some issues at my end.

rgds
Mobeen
Ronny_7
Regular Advisor

Re: Query on su command

Hi Mobeen,

I am still unable to find the cause for this.

Customer's root account does have a password set. He does need to log in with a password when logging into the root account.

The "edauth -g root" output does show there is an encrypted password.

Regards,
Ronny
Ann Majeske
Honored Contributor

Re: Query on su command

Ronny,

Are you sure the su command being used is the su command supplied with the system?

Ann
Ronny_7
Regular Advisor

Re: Query on su command

Hi Ann,

This is the output of su from the system,
/> ls -al /usr/bin/su
-rws--x--x 1 root bin 24832 Oct 17 2002 /usr/bin/su

Are you suspecting something wrong with this su?

Thanks and Regards,
Ronny
Ann Majeske
Honored Contributor

Re: Query on su command

Hi Ronny,

In your original message you said that you are running V5.1, but the ls -al of /usr/bin/su shows that you are running v5.1b. When you're asking for help we need to know the exact version, because many of the problems are version specific. I don't think that's the problem in your case, though.

The reason I asked about the su command is that someone could have replaced it with a program that does whatever they want, i.e. allow su without the password. Even though the /usr/bin/su command doesn't appear to have been tampered with, you should still search the system for another, just in case. Someone could have put an altered su program somewhere else in your users' path and that could be the one being executed.

At this point we're looking for anything strange in the system setup that could have caused this behavior, and a hacked su command is one of the possibilities.

How did you check to make sure that the root account has a password? The password should appear in the prpasswd entry for root, not just the /etc/passwd file. You can check the prpasswd entry for root with the edauth command:
edauth -g root
There should be a u_pwd= field. Another way to check to see if the root account really has a password is to try to login as root instead of just su. Try:
/usr/bin/login root
and just hit the Enter key instead of entering a password and see what happens.

Ann
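
The search Ann describes above, as an added example that is not part of the original thread: a POSIX sh sketch that lists every executable named su along a user's PATH in search order, so a copy that shadows /usr/bin/su stands out. The function names find_in_path and first_hit_is are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# List every executable file named $1 along the PATH-style string $2,
# in search order. One line per hit: "<FIRST|later> <setuid|plain> <path>".
# The body runs in a subshell so the IFS and globbing changes do not leak.
find_in_path() (
    cmd=$1
    first=FIRST
    IFS=:
    set -f                          # no globbing while splitting the path
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # empty PATH element means current directory
        f=$dir/$cmd
        if [ -f "$f" ] && [ -x "$f" ]; then
            if [ -u "$f" ]; then mode=setuid; else mode=plain; fi
            echo "$first $mode $f"
            first=later
        fi
    done
)

# Succeed only if the first hit for $1 along $2 is the expected path $3.
first_hit_is() {
    hit=$(find_in_path "$1" "$2" | sed -n '1s/^FIRST [a-z]* //p')
    [ "$hit" = "$3" ]
}

# Run with the affected user's own environment, since PATH differs per user.
find_in_path su "$PATH"
first_hit_is su "$PATH" /usr/bin/su || echo "su is shadowed, or /usr/bin/su is not on PATH"
```

This only covers PATH lookups; a shell alias or function named su in the user's profile would also need checking.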
Ronny_7
Regular Advisor

Re: Query on su command

Hi Ann,

The Tru64 Unix version is V5.1B.
I had mistyped it.
Sorry for the confusion caused.

Customer did try logging in directly to root, not by su, and he is prompted for password.

The output of "edauth -g root" does show the u_pwd field with the encrypted password.

Thanks and Regards,
Ronny
Hein van den Heuvel
Honored Contributor

Re: Query on su command

The man page for su mentions special processing based on kerberos tickets.
Is kerberos 'active' on this site?
Try 'ktutil' for a listing?

Hein.