HPE Community
Operating System - HP-UX
1827435 Members
5114 Online
109965 Solutions
New Discussion

SU_ROOT_GROUP not working

 
SOLVED
Go to solution
cam9269
Regular Advisor

‎10-30-2008 10:25 PM

‎10-30-2008 10:25 PM

SU_ROOT_GROUP not working

Hi Guys, I'm trying to implement SU_ROOT_GROUP in /etc/default/security but it seems to be not working.

My userID is defined in the sudoers file as a user who can perform "sudo su -" with the NOPASSWD parameter set

In the security file, I defined SU_ROOT_GROUP=adm. I did not include my userID in the adm group to test if I can still execute "sudo su -", and it did; I was still able to su to root even if I'm not in the adm group.

Any ideas about this?
0 Kudos
4 REPLIES 4
Ivan Krastev
Honored Contributor

‎10-30-2008 10:28 PM

‎10-30-2008 10:28 PM

Re: SU_ROOT_GROUP not working

Try to use:
su -

instead of sudo to check this.

regards,
ivan
0 Kudos
Suraj K Sankari
Honored Contributor

‎10-30-2008 10:35 PM

‎10-30-2008 10:35 PM

Re: SU_ROOT_GROUP not working

Hi,

Not clearly getting your point are you switch to normal user to root user?
if yes then
just do
#su
or
#su - ( for execute root profile)

Suraj
0 Kudos
Matti_Kurkela
Honored Contributor

‎10-30-2008 10:53 PM

‎10-30-2008 10:53 PM

Solution

Re: SU_ROOT_GROUP not working

If you use "sudo su -", then your sudoers file trumps the SU_ROOT_GROUP setting.

First, the "sudo" part of the command is setuid root. It needs to be; otherwise it could not switch the user's identity at all. As there is no -u option in the sudo command line, sudo will run the following command as a root user.

So, when the "su -" part starts running, _you are already root_, although your environment settings are still normal-user-like. The "su -" command transforms the root user into the root user, which is obviously allowed, as the root can do anything. At the same time, it recreates the environment settings from scratch... which is probably your primary reason of using "sudo su -" instead of "sudo -s".

If you don't believe me, look into your syslog: you will see first sudo's entry, confirming that the user switched to root to run "su -", then su's entry will say that root became root.

MK
MK
0 Kudos
cam9269
Regular Advisor

‎11-02-2008 02:26 PM

‎11-02-2008 02:26 PM

Re: SU_ROOT_GROUP not working

thanks for the inputs guys!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.