Operating System - HP-UX

Allowing only certain user to su as another specific user.

 
Daniel Nadler
New Member

Allowing only certain user to su as another specific user.

We have a group account that we need to specify only certain users to have the ability to su to this group account. We need it so that any other user not specified will not be able to su, even if they do have the password to the group account. Currently the only way to get into this group account is to su via your personal account, however anyone on the system can su to this group account if they have the correct password. We need to restrict only certain users this ability. Is this possible?
RAC_1
Honored Contributor

Re: Allowing only certain user to su as another specific user.

There are two things that are coming to my mind.

sudo and custom script for su command.
There is no substitute to HARDWORK
Suraj K Sankari
Honored Contributor

Re: Allowing only certain user to su as another specific user.

Hi,

Implement sudo on your system and create a separate account for each user.

Suraj
Daniel Nadler
New Member

Re: Allowing only certain user to su as another specific user.

I know there is already a file in place that restricts the group user from sshing to another host. I believe it's a sudoers file, but I am unable to locate it. I need some working example code before I submit this to the lead systems admin.

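My idea as ksh code would be:

loginname=$(logname)    # login name of the invoking user
# "Uid" stands for each permitted login name
if [ "$loginname" = "Uid" -o "$loginname" = "Uid" ]
then
    echo "Allow group account connect"
else
    echo "Deny group account connect"
    exit 1
fi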

Or some way in which only users with a specific group associated with the id are allowed to su to the group account.

Thanks in advance for any help or suggestions provided.
Daniel Nadler
New Member

Re: Allowing only certain user to su as another specific user.

FYI - I am not a Sys Admin on these systems. I'm one of the users that will need access to su to the group account... along with other members of my team. The reason I am asking for help is that the password to this group account continually leaks out, and users that shouldn't be logging in as this group account are doing so and are making changes that are impacting files that shouldn't be changed.
Dennis Handly
Acclaimed Contributor

Re: Allowing only certain user to su as another specific user.

With RAC's comment about sudo, you enable sudo to allow anyone authorized to change to that account. And then you simply assign a random password to that user and don't tell anyone, even yourself. If you can "*" out that user and su still works, even better.
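
A sudoers fragment for the sudo approach suggested in the replies above, added here as an example and not part of the original thread. The account name grpacct, the login names user1 and user2, the group grpusers and the su path /usr/bin/su are assumptions to be replaced with the site's own values.

```sudoers
# Edit with visudo so that a syntax error is caught before the file is saved.
# Hypothetical names: grpacct (shared group account), user1/user2 (permitted logins).

User_Alias  GRPACCT_USERS = user1, user2

# Permitted users may run exactly this command as root and nothing else.
# sudo asks for the caller's OWN password, so the shared password is
# never needed, and each invocation is logged under the caller's name.
GRPACCT_USERS  ALL = (root) /usr/bin/su - grpacct

# Alternative keyed on membership of a Unix group instead of a name list
# (hypothetical group grpusers):
# %grpusers     ALL = (root) /usr/bin/su - grpacct
```

Permitted users then run `sudo su - grpacct`. Because su started by root does not prompt for the target account's password, the group account's password can be set to a random value nobody knows, which leaves anyone outside the list with no way to su to it.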