
Re: CDE screen saver password with sudo root users

 
Tim Malnati
Honored Contributor

CDE screen saver password with sudo root users

We have several SAs in our shop that have been configured on a variety of machines with sudo root access. This allows everyone to have a profile they like, etc. The problem comes in when any of these SAs log on via CDE. They can log in just fine with their sudo access, but if the screen saver activates, they need the actual root password to get back in. Part of the idea here is to be able to lock out a particular individual should the need arise without having to immediately change the root password all over the place (there are many trusts set up for root between machines). Is there a way to effectively deal with this CDE screen saver behavior? Disabling the screen saver is not an acceptable alternative either, where we have all kinds of people floating around here that we don't ever want to have full root access (particularly operators).
Rick Garland
Honored Contributor

Re: CDE screen saver password with sudo root users

Have the SAs do the 'sudo su -' as opposed to logging in as sudo root.
When the screen locks via the screensaver, the non-root passwd will unlock it.
Alex Glennie
Honored Contributor

Re: CDE screen saver password with sudo root users

I'm unaware of how to achieve what you're after under CDE, so I'd go with Rick's answer.

However, to actively encourage your users to do this, the following info may be handy:

Both dtlogin and vuelogin do not refer to the /etc/securetty file
after checking the login information against the /etc/passwd file.

To keep root from using the workstation graphics console or xterminal
when vuelogin or dtlogin are running, add the following lines to the
end of either /usr/vue/config/Xstartup (in HP-UX 10.X this would be
/etc/vue/config/Xstartup) or /etc/dt/config/Xstartup (copy over from
/usr/dt/config if the file does not exist in /etc/dt/config) for CDE:

# Refuse the session when the authenticated user is root
if [ "$USER" = root ] ; then
    exit 1
fi

This will terminate the login process if the user is logging in as
root.

NB: if a user logs in, the root password will still be able to unlock the screen lock.

Hope this helps.
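A stricter form of the Xstartup check above, as an added example that is not part of the original thread: it refuses any account that maps to UID 0, not only the name root, and logs the refusal. The function names, the PASSWD_FILE override and the log message are hypothetical; it assumes local accounts in /etc/passwd and that dtlogin exports USER and DISPLAY to Xstartup.

```shell
#!/bin/sh
# Added example (not from the thread): Xstartup guard that rejects UID-0 logins.
# Assumption: accounts are local, so the UID can be read from /etc/passwd.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# Print the numeric UID for a login name, or nothing if the name is not found.
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$PASSWD_FILE"
}

# Return 0 when the login must be refused: empty name, "root", or any UID-0 alias.
is_root_login() {
    [ -n "$1" ] || return 0            # USER unset or empty: fail closed
    [ "$1" = root ] && return 0
    uid=$(uid_of "$1")
    [ -n "$uid" ] && [ "$uid" -eq 0 ]
}

# Return 1 after logging when the session must not start.
xstartup_guard() {
    if is_root_login "$USER"; then
        logger -p auth.notice \
            "dtlogin: refused UID 0 login as ${USER:-unknown} on ${DISPLAY:-unknown}" \
            2>/dev/null || true
        return 1
    fi
    return 0
}

# At the end of /etc/dt/config/Xstartup, call:
#   xstartup_guard || exit 1
```

As the thread notes, this only blocks the graphical login; it does not change which passwords the CDE screen lock accepts.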