HPE Community
Operating System - HP-UX
1828667 Members
1918 Online
109984 Solutions
New Discussion

Re: su - switch user - NON-root

 
SOLVED
Go to solution
OFC_EDM
Respected Contributor

‎04-15-2006 03:35 PM

‎04-15-2006 03:35 PM

su - switch user - NON-root

As you all know if you're logged into an HP-UX server as "root" when you switch user (su) to another account you can do so - without being prompted for a password.

I'd like to setup this same behaviour for 2 regular user accounts.

Preferrably without having to install sudo.

Any ideas on how to accomplish this?
The Devil is in the detail.
0 Kudos
Reply
2 REPLIES 2
Steven E. Protter
Exalted Contributor

‎04-15-2006 08:01 PM

‎04-15-2006 08:01 PM

Re: su - switch user - NON-root

Kevin,

You are asking for an account to have a special prviledge only granted to root, without being root.

You are essentially granting root access to these accounts. Its an enormous security hole, but if you assign the numeric account id to zero, same as root, these accounts will have the same power.

They will also have all the other powers of root and I recommend you not do this.

You may be able to manipulate the pam.d configuration files to create the same behavior.

This is risky and root user and root cron should be used for these operations.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Sยภเl Kย๓คг
Respected Contributor

‎04-15-2006 10:06 PM

‎04-15-2006 10:06 PM

Solution

Re: su - switch user - NON-root

Hi,

1.Create a new group and assign those two users in the new group.
2.Edit /etc/default/security file and make SU_ROOT_GROUP as the new group.
3.Customise the pam authentication, so that the password is not prompted for those two users when they issue 'su'

Regards,
Sunil
Your imagination is the preview of your life's coming attractions
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.