HPE Community
Operating System - HP-UX
1832154 Members
3575 Online
110038 Solutions
New Discussion

/etc/default/su

 
Tan Cheng Chye
New Member

‎03-01-2006 06:36 PM

‎03-01-2006 06:36 PM

/etc/default/su

I'm trying to implement a security requirement whereby a non-root user who uses the "su" command will not be prompted to enter root's password so as not to expose root's password to the user but still be able to track the non-root user's usage of the "su" command. I understand that in some Unix OS, this can be accomplished by editing the "/etc/default/su" file and creating a line with the following entry "PROMPT=no". Is this feature available and supported for HP-UX 11.0? If not, is there a way to do this on HP-UX?
0 Kudos
Reply
5 REPLIES 5
Devender Khatana
Honored Contributor

‎03-01-2006 06:41 PM

‎03-01-2006 06:41 PM

Re: /etc/default/su

Hi,

An alternative I know is to use sudo for a normal user to achive him doing previledged work. Also on using sudo to do this he will be prompted for his own password rather than root's password.Also this will be very well logged into syslog.log.

Apart from this giving su permission to users is not advisable as after doing su he can do anything. A better option will be to give previledge to user for only required commands using sudo.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎03-01-2006 06:54 PM

‎03-01-2006 06:54 PM

Re: /etc/default/su

Hello,

As far as i know, HP-UX doesn't have /etc/default/su as of Solaris and SCO. For security related features, refer to the /etc/default/security file in the security(4) manual page.

# man su will also provide you more information.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Tan Cheng Chye
New Member

‎03-02-2006 01:30 PM

‎03-02-2006 01:30 PM

Re: /etc/default/su

Thanks for the information. I take it that /etc/default/su is not applicable in HP-UX.

/etc/default/security only allows one to configure the parameters SU_ROOT_GROUP, SU_DEFAULT_PATH and SU_KEEP_ENV_VARS pertaining to "su", which does not address my requirement.

Will check out sudo. However, I understand that it's a third party freeware. Is it supported by HP and where can I get a copy for HP-UX 11.0?
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎03-02-2006 03:50 PM

‎03-02-2006 03:50 PM

Re: /etc/default/su

Hi,

sudo is part of Internet Express suite which can be downloaded from,

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

Also, from

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Note : This is only for 11.11, not 11.0

You can compile on your own for 11.0

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Mustafa Gulercan
Respected Contributor

‎03-02-2006 06:11 PM

‎03-02-2006 06:11 PM

Re: /etc/default/su

hi;
you may follow these steps;
1-add a wheel group

# groupadd wheel

2-and add which user you wanna allow su - root

#usermod -G wheel

3- edit the /etc/default/security

SU_ROOT_GROUP=wheel




regards,

mustafa
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.