
Re: Security nuisance

 
SOLVED
Brett A. Weber
Occasional Contributor

Security nuisance

Our DBAs log in to CDE using personal usernames/passwords. Once logged in, they open a shell, and promptly su to an Oracle administrative account to modify scripts. Unfortunately, one of our DBAs is dependent on the GUI text editor - rather than vi. Anyway, in CDE the su action only applies to the 'working' shell - it doesn't seem to grant similar privileges while in other windows - file manager, text editor, or even another shell. Is there a way to propagate this su command to all windows within a CDE session?
Dan Hetzel
Honored Contributor
Solution

Re: Security nuisance

Hi Brett,

The 'su' command will only apply to the shell where it has been issued, as well as to all commands issued from the SAME window (if using CDE) as long as you don't terminate it with 'exit' or

Once the 'su' command has been typed, you're still able to use all GUI programs under the new user id, providing your DISPLAY variable is set properly.

For example:
1. Before typing the 'su', type:
echo $DISPLAY
echo $TERM
Keep that information handy (display_name and term_type for example)
2. 'su'
3. Depending on the shell, set the TERM and DISPLAY variables as they were under point 1.

if the user is running csh or tcsh:
setenv DISPLAY display_name
setenv TERM term_type
if he's running in sh or ksh:
export DISPLAY=display_name
export TERM=term_type

From that point, you'll be able to start all GUI programs with the new user id.

If you do a 'remote' login to a different host, you'll have to set your DISPLAY and TERM variables as above.
In addition to that, the remote host must be allowed to talk to the local X Server, this is done through the command 'xhost':
xhost +remote_host_name

Best regards,

Dan
Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
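
A check a practitioner may want after the `xhost` step in the reply above, as an added example that is not part of the original thread: it reads the output of `xhost` run with no arguments and flags a wide-open X server (what a bare `xhost +` leaves behind) or entries outside an expected list. The host name `dbhost1`, the function name, and the sample outputs are constructed; the status-line wording assumed is that of the X.Org `xhost` client.

```shell
# audit_xhost EXPECTED_HOST... < output_of_xhost
# Returns 0 if access control is enabled and every listed entry is expected,
#         1 if access control is disabled (any host may connect),
#         2 if an entry outside the expected list is present.
audit_xhost() {
    result=0
    while IFS= read -r line; do
        case $line in
            "access control disabled"*)
                echo "FAIL: any host can connect to this X server"
                return 1 ;;
            "access control enabled"*|"")
                continue ;;
        esac
        # Entries look like "INET:dbhost1" or a bare host name;
        # keep whatever follows the last colon.
        name=${line##*:}
        found=no
        for ok in "$@"; do
            if [ "$name" = "$ok" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "WARN: unexpected entry: $line"
            result=2
        fi
    done
    return "$result"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host
INET:dbhost1'
SAMPLE_SCOPED='access control enabled, only authorized clients can connect
INET:dbhost1'

# Demo: the first sample is reported as wide open, the second passes.
printf '%s\n' "$SAMPLE_OPEN"   | audit_xhost dbhost1 || true
printf '%s\n' "$SAMPLE_SCOPED" | audit_xhost dbhost1 && echo "OK: only expected hosts"
```

On a live session the input would be `xhost | audit_xhost dbhost1`.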
Dan Hetzel
Honored Contributor

Re: Security nuisance

Brett,

Thanks for the points. I imagine that you succeeded in giving your DBAs access to their GUI editor ;-)

A useful alias, if you're running posix or korn shell:
alias remote_host='xon remote_host /usr/bin/X11/dtterm -name remote_host -ls'

This will, from your master CDE window, open a window on host 'remote_host', with name 'remote_host' and all settings like DISPLAY set properly.

Replace 'remote_host' by the hostname you want and define as many aliases as you like.

Best regards,

Dan
Everybody knows at least one thing worth sharing -- mailto:dan.hetzel@wildcroft.com
Bruce Regittko_1
Esteemed Contributor

Re: Security nuisance

Hi,

After setting up the su session per Dan's suggestions, your DBA will most likely have to launch the GUI applications from the command line to have the privileges of the su'ed account and not via the front panel or from an icon. For example, entering dtpad will launch the GUI text editor as the Oracle account and not as the initial login account.

--Bruce
www.stratech.com/training