
Re: Trusted System

 
Marcel Garcia Will
Occasional Contributor

Trusted System

If I enable the login time for a user, can I su to this user from another user? If I can, how do I configure it?

Thanks
Will
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: Trusted System

The answer to your question is yes.

su - username will give you the user along with the environment. Take out the dash and you only get privileges.

Trusted System is done either by running Bastille Security Checker or by going into sam Security (obvious from there) as root user.

The only configuration after that is to make the audit logs manageable. Too much logging and you just fill up filesystems.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Marcel Garcia Will
Occasional Contributor

Re: Trusted System

Thanks SEP, but it cannot resolve my problems.
I've added a login time policy to a user.
If I want to make su - [user] from another user besides root, the su - [user] fails. Does su - [user] obey the login time policy, like telnet?

In time, I need to make su - [user].
Will
Steven E. Protter
Exalted Contributor

Re: Trusted System

Greetings,

I do not fully understand your problem.

Here is what I understand.

You limit logins based on time.

Do you want to enable or disable su - logins?

What is the error message you receive?

Detail will help me understand.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Michael Tully
Honored Contributor

Re: Trusted System

This is not the way this should work.

The security policy can only be enforced if:
The user logs in
If you su - xxxx you are changing the rules.
Each su session is recorded in syslog/sulog.

Why do you wish to su anyway? Why can't the user use his/her own login ? There are ways that file permissions can be manipulated with groups and acls.

Within the shell there is an idle timeout facility (TMOUT and autologout depending on the shell type).

I am sure that you compile or change options with using the 'sudo' product where there is a timeout.
Anyone for a Mutiny ?
Wouter Jagers
Honored Contributor

Re: Trusted System

I think Marcel wants to know whether it is possible to switch to a time-restricted account while outside of the 'allowed logon hours' of the target account.

I guess not, since I assume this policy is checked at -every- logon, including su's.. hence, as a non-root user I don't think it will work.

Best regards
an engineer's aim in a discussion is not to persuade, but to clarify.
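
Added example, not part of any post above: since each su session is recorded in sulog, an administrator can list every su into a time-restricted account that happened outside its allowed hours. It assumes the System V sulog line layout (SU MM/DD HH:MM +|- tty fromuser-touser); the account name oper1, the 0800-1700 window, and the sample lines are constructed and only exercise the filter, they do not record how HP-UX behaves.

```shell
#!/bin/sh
# Added example (not from the thread): audit su events into a
# time-restricted account that fall outside its allowed login window.
# Assumed sulog line layout (System V style):
#   SU MM/DD HH:MM +|- tty fromuser-touser
# "+" marks a successful su, "-" a failed one.

# Constructed sample data; on a real host read the sulog file instead
# (commonly /var/adm/sulog on HP-UX).
sample_sulog() {
cat <<'EOF'
SU 03/14 07:42 - ttyp2 will-oper1
SU 03/14 09:15 + ttyp2 will-oper1
SU 03/14 19:30 + ttyp4 root-oper1
SU 03/14 19:31 - ttyp5 will-oper1
SU 03/14 20:05 + ttyp1 will-root
EOF
}

# su_outside_hours TARGET START END   (sulog lines on stdin)
# START/END are HHMM; the allowed window is START <= time < END.
# Prints "MM/DD HH:MM ok|failed from->TARGET" for each su outside it.
su_outside_hours() {
  awk -v target="$1" -v start="$2" -v end="$3" '
    $1 == "SU" && NF >= 6 {
      # The last field is fromuser-touser; match the "-TARGET" suffix
      # so that hyphens inside the source user name do not confuse us.
      n = length($6) - length(target)
      if (n < 2 || substr($6, n) != "-" target) next
      from = substr($6, 1, n - 1)

      split($3, t, ":")
      hhmm = t[1] * 100 + t[2]
      if (hhmm >= start + 0 && hhmm < end + 0) next   # inside the window

      printf "%s %s %s %s->%s\n", $2, $3,
             ($4 == "+" ? "ok" : "failed"), from, target
    }'
}

# Stand-alone run over the constructed sample.
sample_sulog | su_outside_hours oper1 0800 1700
```

A line reported as "ok" from a non-root user outside the window would show the time policy is not being applied to su on that system.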