HPE Community
Operating System - HP-UX
1834512 Members
2346 Online
110068 Solutions
New Discussion

Disallow su to login

 
Al Langen_2
Advisor

‎02-10-2000 08:11 AM

‎02-10-2000 08:11 AM

Disallow su to login

We have an application that requires root privileges to run but prevents users
who login from gaining shell access. If a user su's to the login for this
application, they are granted full root privileges and are given access to the
shell.
Short or rewriting su, is there some way of preventing a login access through
su (outside of su -)?
0 Kudos
Reply
3 REPLIES 3
Thotam setty Gupta
New Member

‎02-10-2000 04:17 PM

‎02-10-2000 04:17 PM

Re: Disallow su to login

One way is to make your system a trusted system. This disallows everybody
except root to su.
0 Kudos
Reply
Willaim Hart
Advisor

‎02-11-2000 03:55 AM

‎02-11-2000 03:55 AM

Re: Disallow su to login

you might try using the /etc/group file.
you can create user groups and associated privileges.
check your system documentation for specifics.
associated files are /etc/group and /etc/logingroup
and the setprivgrp command.
0 Kudos
Reply
Joey Sta. cruz_1
New Member

‎02-16-2000 03:04 PM

‎02-16-2000 03:04 PM

Re: Disallow su to login

hi,

run this command "lsacl /usr/bin/su" this will check which users has su
access. Should see similar to this
(root.%,r-x)(%.bin,r-x)(%.%,r-x) /usr/bin/su

on the 3rd parenthesis which (%.%,r-x) it allows all users to use su command.
You can define specific users to access su command. Please refer to man page
on using chacl

Regards
Joey
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.