HPE Community
Operating System - HP-UX
1756804 Members
2525 Online
108852 Solutions
New Discussion юеВ

way su on an looked user works

 
SOLVED
Go to solution
Romy
Occasional Advisor

тАО07-19-2006 06:39 PM

тАО07-19-2006 06:39 PM

way su on an looked user works

Users XX login is looked when using telnet;
(passwd -s XX shows: XX LK)
su - XX as nonroot User (but user whis SU_ROOT_GROUP privileges in /etc/default/security) still works, why?

And is there any way i can see when an account expires or better can i convert the absolute number of days since Jan 1 1970 in /etc/shadow file in a "readable" date format?

r.
Romy
Romy
0 Kudos
5 REPLIES 5
Steven E. Protter
Exalted Contributor

тАО07-19-2006 06:45 PM

тАО07-19-2006 06:45 PM

Re: way su on an looked user works

Shalom,

passwd -sa should provide you a report.

OS Version would be helpful.

su - XX as nonroot User (but user whis SU_ROOT_GROUP privileges in /etc/default/security) still works, why?

The authentication system permits root to su to even locked or expired users. That is the way it was designed. The pam.d configuration can be changed to prevent su - from working.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Romy
Occasional Advisor

тАО07-19-2006 06:55 PM

тАО07-19-2006 06:55 PM

Re: way su on an looked user works

oh sorry

OS Version: HPUX 11.11

prevents pam.d also su - for root?
pam.conf contains:
su account required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1


R.
Romy
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

тАО07-20-2006 05:30 AM

тАО07-20-2006 05:30 AM

Solution

Re: way su on an looked user works

If you want to know the calendar date corresponding to a number of days since 1970 then:

#!/usr/bin/sh

typeset -i DAYS=0
typeset -i DAYS_SINCE_1970=12650 # you will probably make this ${1}
typeset SDATE=""

DAYS=$(($(caljd.sh 1 1 1970) + ${DAYS_SINCE_1970}))
SDATE=$(caljd.sh -S "/" ${DAYS})
echo "${DAYS_SINCE_1970} => ${SDATE}"

Use the attached caljd.sh script; invoke as caljd.sh -u for full usage and many examples.

Also a trick to convert epoch seconds to a date is:

perl -e 'print scalar localtime(1153416541)'

where the 1153416541 is the number od seconds since 1-Jan-1970 00:00:00 UTC.


If it ain't broke, I can fix that.
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО07-20-2006 06:02 AM

тАО07-20-2006 06:02 AM

Re: way su on an looked user works

Hi Romy:

Using pure Perl, you can translate the number of days since January 1, 1970 into a month/day/year as shown below. Pass the number of days (e.g. 13000) as the argument to convert:

# perl -MDate::Calc=Add_Delta_Days -le '$off=shift;($y,$m,$d)=Add_Delta_Days(1970,1,1,$off);;print "$m/$d/$y"' 13000

8/5/2005

...if your version of Perl doesn't have the Date::Calc module, fetch and install it from CPAN:

http://search.cpan.org/~stbey/Date-Calc-5.4/Calc.pod

Regards!

...JRF...
0 Kudos
Romy
Occasional Advisor

тАО07-20-2006 07:23 PM

тАО07-20-2006 07:23 PM

Re: way su on an looked user works

Thanks for help.
A. Clay the attached caljd.sh script is really very helpful.

regards
Romy
Romy
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.