Operating System - HP-UX
1834660 Members
2713 Online
110069 Solutions
New Discussion

Forcing the use of the "-" option with su

 
SOLVED
Go to solution
Jody Bennett
Advisor

Forcing the use of the "-" option with su

Is there an easy way to force all users to use the "-" option when they use the su command?
"Sometimes you have to jump more than one fence to get out of the pasture."
5 REPLIES 5
Jeff Schussele
Honored Contributor

Re: Forcing the use of the "-" option with su

Hi Jody,

Sure - I can think of two ways:

1) Set up su - as an alias for su in the /etc/profile file or all user's .profile files.

2)Wrap su with a simple script that forces su -


Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Patrick Wallek
Honored Contributor

Re: Forcing the use of the "-" option with su

There are 2 ways I can think of to do this:

1) Do a system-wide alias and alias su to 'su -'.

2) move su to su.orig and write a wrapper script called su. In that script you can check and if the first parameter is not a '-' then you can either display an error message, or go ahead and force the use of 'su -' from within the script.
Patrick Wallek
Honored Contributor

Re: Forcing the use of the "-" option with su

OK, that is scary! Jeff and I with the same exact ideas, in the same order, and damn near the same wording.

NO, I did not read Jeff's response before posting mine.
Marvin Strong
Honored Contributor
Solution

Re: Forcing the use of the "-" option with su

two quick ways I can think of.

1) create an su wrapper script, for su. and ensure that PATH variable is setup correctly, to use your wrapper instead of su. I would not recommend replacing su with a script that calls your renamed su command as patches may replace su in the future.

2) create an alias in /etc/profile for su
to do what you want.


Jeff Schussele
Honored Contributor

Re: Forcing the use of the "-" option with su

Well you know what they sat Patrick - There's only so many ways to hammer a nail ;~))

And on reflection I think the wrapper is going to be the better solution because if you use the alias & somebody *does* use the dash you'll end up with 2 dashes & an error message.

So I would write the wrapper such that it determines the argument count & if it's 2 then examine $1 & if it's a dash let it through untouched. If the count is 1 and it's a user name then add the dash & issue that command. If it's 1 and it's a dash then that's probably an su up to root & you'd let that go through as well. All in all still not very complex.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!