cancel
Showing results for 
Search instead for 
Did you mean: 

Security

Richard Oberndorfer
Occasional Visitor

Security

I have been asked to provide root login capabilities for the auditors. They suggest /etc/securetty for HP UX. This does not exist on our HP UX system. What would it be for Tru64 with Enhanced Security?

Thanks,
Dick
7 REPLIES
Victor Semaska
Frequent Advisor

Re: Security

On Tru64 it's /etc/securettys. You could add a line with 'ptys' (minus the quotes) so root can log in from somehwere other than just the console. I wouldn't recommend this though.

I suggest you add the auditors accounts to the 'system' group. Once part of that group they can '# su -' to the root account.

Vic
Richard Oberndorfer
Occasional Visitor

Re: Security

Okay, I understand the question now.

Perhaps you can answer me this. When I do an su - to root, if I start a utility, it starts with my personal account access. So if I am trying to fix something and am restrarting it - nsr for instance - If I do not have sign on to root through a tty I am very constrained. Is there a Tru64 parameter I can use with su to say I really want to be root?

Thanks for your response
Victor Semaska
Frequent Advisor

Re: Security

I've never seen that type of behavior before. Whenever I '# su -' to root I am logged in as root.

What version of Tru64 and Patch Kit level are you running? Could you provide output from the terminal session of this behavior?

Vic
Richard Oberndorfer
Occasional Visitor

Re: Security



The attached file show the log messages for nsr. I was working in root and restarted nsr - forgetting I was su 'ed to root.

It was similar to the 'w' output shown below the log entries.

The su_notes.txt file is best viewed as 132 column output.

Thanks,
Dick
Victor Semaska
Frequent Advisor

Re: Security

Dick,

The 'w' command shows the username that logged in. 'su -' over to root and try 'whoami'. See if it says 'root'.

Vic
Richard Oberndorfer
Occasional Visitor

Re: Security

yep,

whoami says I am root,

but nsr and other applicaations run as oberndor. Somehow nsr mostly manages, other applications outright fail.
Johan Brusche
Honored Contributor

Re: Security


And what do you get with "echo $LOGNAME"
also root, or the original login name from before the su ?

if LOGNAME .neq. root after su, then ask patch.

JB.

_JB_