HPE Community
Operating System - HP-UX
1834570 Members
3666 Online
110069 Solutions
New Discussion

Re: Stupid question with su

 
Wood_2
Frequent Advisor

‎12-08-2005 08:06 PM

‎12-08-2005 08:06 PM

Stupid question with su

Hello

the root user have the possibiliti to su with another.

How make the ability to a simple user to make su -c to another user without give password

Thank you for your help
0 Kudos
Reply
6 REPLIES 6
Alex Georgiev
Regular Advisor

‎12-08-2005 08:11 PM

‎12-08-2005 08:11 PM

Re: Stupid question with su

You can not! Regular users will always have to type in a password when the use su. Per the su man page:

"To use su, the appropriate password must be supplied unless the current user is superuser."

You might want to look at a tool called sudo. An internet search for sudo will point you in the right direction.

Hope that helps!
0 Kudos
Reply
YoungHwan, Ko
Valued Contributor

‎12-08-2005 08:29 PM

‎12-08-2005 08:29 PM

Re: Stupid question with su

When switching user with su command, you don't need
typing password when you are root user.
but if you want to login another user without password,
it can be possible the user is root group.
0 Kudos
Reply
Laurent Menase
Honored Contributor

‎12-08-2005 08:34 PM

‎12-08-2005 08:34 PM

Re: Stupid question with su

there is the set user bit.

if a files file is owned by "toto"

when anyone execute it it will be executed with a euid of "toto".

if you want that only the user "tata" uses that program you can make a launcher for that program which check that the ruid is the autorised user, then exec the porgram you want.

to set the set user id bit do a chmod 4555.
Anybody can execute it and will have a euid of toto when executing it.
If you want to limit the use of that program to a group - chmod 4550

0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎12-08-2005 10:50 PM

‎12-08-2005 10:50 PM

Re: Stupid question with su


Dear Wood !

" su " to another user defenetly requires a passwdord ! Unless you are root.


With Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Victor BERRIDGE
Honored Contributor

‎12-08-2005 11:10 PM

‎12-08-2005 11:10 PM

Re: Stupid question with su

Hi,
Unless you use and configure sudo, your only other alternative would be by rlogin and use .rhosts file in newuser to allow user to connect as newuser so to summarize:
in newuser's home you should have the .rhosts file with a line like:
host user(name)


All the best
Victor
P.S
I would go for sudo, its far more cleaner and secure (only root can give the priviledges...).
0 Kudos
Reply
Laurent Menase
Honored Contributor

‎12-08-2005 11:52 PM

‎12-08-2005 11:52 PM

Re: Stupid question with su

an other way to make it securely:
with ssh and with a rsa key.

or just the simple:
main()
{
int ruid,euid,suid;
getresuid (&ruid, &euid, &suid);
if (ruid!=406) /*406 is the only user allowed to use that program*/
{
exit (1);
}
setresuid (euid, euid, euid);
execle("/bin/id","id",0, 0);
/* the last 0 is to reduce the env to nothing, even PATH will be not defined
if a PATH is needed then you will have to
call
execle("/bin/id","id",0, myenv);
where myenv is declared as:
char *myenv[]={"PATH=/bin:/usr/bin","A=123",0};*/

}

# cc t.c
# chmod 4555 ./a.out
# su toto
# id
uid=406(toto) gid=406()
# ./a.out
uid=402(laurent) gid=406()

To avoid security risks, make it as simple as possible, don't make dynamically choosable programs, limit the parameters no none if possible
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.