- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Restrict su command for particular user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2012 03:36 AM
12-27-2012 03:36 AM
Restrict su command for particular user
Hi experts
In HP-UX is it possible to restrict su command for specific user?
For eg .users .profile file i set alias name for su
alias su='hostname'
Other Than any options available...? please suggest
Thanks in Aadvance.
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
- Tags:
- su
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2012 03:42 AM
12-27-2012 03:42 AM
Re: Restrict su command for particular user
Why do you care? He has to know the password.
Otherwise you would have to make a SUID script to check for that user, then invoke the real su.
And the real su would have to have its permissions changed to only allow root to execute it.
(Hmm, unfortunately, then that changed su would never ask for passwords. )-:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2012 03:54 AM
12-27-2012 03:54 AM
Re: Restrict su command for particular user
Hi Dennis
Thanks for reply.
My requirement is i want to restrict the su command for list of users .
We are using su command in scripts ,so
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2012 04:05 AM
12-27-2012 04:05 AM
Re: Restrict su command for particular user
>I want to restrict the su command for list of users. We are using su command in scripts
You can change your scripts check for those users before you do the su command.
(Of course the user could copy the script and remove those checks.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2012 05:54 AM
12-27-2012 05:54 AM
Re: Restrict su command for particular user
There are no built-in security features for the su command. If the user knows the password to the user they are trying to become, then they can use it. Many shops where security is an issue remove the su command and make users and scripts use either sudo or RBAC. The sudo utilities have been around for a long time and are more common. However, they are open source and not directly supported by HP. I would suggest using the HP-UX RBAC packages built into 11.31 and available for 11.23. They let you get very granular in granting privileges and give you logs. They are no harder to structure than sudo and I think they work better, once you get past the learning curve.