Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Switch user(su) two times
Operating Systems AIX Switch user(su) two times Post 302519605 by mtwain on Wednesday 4th of May 2011 11:15:37 AM
Old 05-04-2011
Thank you all for your responses. Really appreciate it. I was asking this question from the perspective of audit. I should have given this detail before. I wanted to review the appropriateness of people who can su to ABC. Since ABC account has sugroups=su2DEF, I reviewed people who are in su2DEF group. But, given that one can su to root and then su away from root to ABC, I was wondering if I also need to look at people who can su to root. In this light I have the below questions. Unfortunately, I do not have access to the system so I can experiment. I am just doing audit review.

A) Given the above info, to determine only appropriate people can su to ABC, do I also need to look at people who can su to root?

B) Will su away from root to ABC prompt a user to enter password of ABC

C) If su away from root to ABC does not prompt the user to enter password of ABC, basically any user who can su to root can access ABC. In that case, the focus should be on people who can su to root without entering root password. How can I know which accounts have been configured to su to root without entering root password. Is there some configuration list I can review to know these accounts?


Appreciate all your advice.
Thank you
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Non-interactive user switch to root

Is is possible switch user from a non-root user to root user without entering the password interactively inside a korn shell script which is run by a non-root user? e.g. I have a non-root user called infodba who is in dba group and I want to create a shell script which is executed by infodba... (5 Replies)
Discussion started by: stevefox
5 Replies

2. UNIX for Dummies Questions & Answers

Expect command to switch user

Hi I have written a script to switch user and do some operations. I used expect command it doesn't work. It switches the user and waits for the Password to be entered manually. Also, i tried to fetch the pasword from passwd file, it didn't work.The script is as below: ... (4 Replies)
Discussion started by: Sapna_Sai
4 Replies

3. Shell Programming and Scripting

Switch to different user without expect

Hi, I have to switch to a different user and execute certain commands and then come back to the original user Ex: My id is 'usstage'. I need to switch to 'apstage', souce a script there, execute a function and then get back again to usstage. Please note that I do not have expect installed... (4 Replies)
Discussion started by: sugan
4 Replies

4. Shell Programming and Scripting

Switch User in within a Shell Script

Hi Experts, I'm trying to write a shell script to stop few things where i have to use another user to execute a command. Otherwise it will not work. Your help is really appreciated Thanks, (16 Replies)
Discussion started by: Afi_Linux
16 Replies

5. Shell Programming and Scripting

switch as another user without password

I want to switch as another user without using password .Is it posiible ? I have one server B and I have logged in as username u1 but I want to login to that same server using username as u2 but I don't want to give the password for u2. (3 Replies)
Discussion started by: maitree
3 Replies

6. Shell Programming and Scripting

switch user from local user to root in perl

Hi Gurus, I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password. It seems that i need to use expect module here, but i don't know how to create the object for this. ... (1 Reply)
Discussion started by: linuxgeek
1 Replies

7. UNIX for Dummies Questions & Answers

switch user (su) not sourcing the profile

Usually in solaris/Linux servers , when you do an su - username (space before and after the hyphen) the user's .profile should get sourced. But in the below linux machine it is not. As you see below ORACLE_HOME variable is not being set. # uname -a Linux revaltb214 2.6.18-238.el5 #1 SMP Sun... (7 Replies)
Discussion started by: John K
7 Replies

8. Shell Programming and Scripting

Switch user terminal error

Hello All, Here I am trying to login a Linux machine as admin user from a Solaris box.. & then switch to root user.. Code I use: ssh admin@<IP> << END su - root << A echo "Hello I am logged in as root" exit A exit END But the error I get.. su: must be run from a... (3 Replies)
Discussion started by: ailnilanjan
3 Replies

9. Shell Programming and Scripting

How to Switch from Local user to root user from a shell script?

Hi, I need to switch from local user to root user in a shell script. I need to make it automated so that it doesn't prompt for the root password. I heard the su command will do that work but it prompt for the password. and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies

10. UNIX for Beginners Questions & Answers

How to switch user in shell script?

HI in a server we can't login with root user directly but i can login with different user and then i can switch to root user by su command Requirement is there anyway where i can write a script without mentioning password in file as mentioning the root password is not the... (3 Replies)
Discussion started by: scriptor
3 Replies

LEARN ABOUT DEBIAN

passmass

PASSMASS(1)						      General Commands Manual						       PASSMASS(1)

NAME

       passmass - change password on multiple machines

SYNOPSIS

       passmass [ host1 host2 host3 ...  ]

INTRODUCTION

       Passmass  changes a password on multiple machines.  If you have accounts on several machines that do not share password databases, Passmass
       can help you keep them all in sync.  This, in turn, will make it easier to change them more frequently.

       When Passmass runs, it asks you for the old and new passwords.  (If you are changing root passwords and have equivalencing, the	old  pass-
       word is not used and may be omitted.)

       Passmass  understands  the  "usual"  conventions.   Additional  arguments may be used for tuning.  They affect all hosts which follow until
       another argument overrides it.  For example, if you are known as "libes" on host1 and host2, but "don" on host3, you would say:

	    passmass host1 host2 -user don host3

       Arguments are:

	      -user
		  User whose password will be changed.	By default, the current user is used.

	      -rlogin
		  Use rlogin to access host.  (default)

	      -slogin
		  Use slogin to access host.

	      -ssh
		  Use ssh to access host.

	      -telnet
		  Use telnet to access host.

	      -program

		  Next argument is a program to run to set the password.  Default is "passwd".	Other  common  choices	are  "yppasswd"  and  "set
		  passwd"  (e.g.,  VMS hosts).	A program name such as "password fred" can be used to create entries for new accounts (when run as
		  root).

	      -prompt
		  Next argument is a prompt suffix pattern.  This allows the script to know when the shell is prompting.  The default is "# "  for
		  root and "% " for non-root accounts.

	      -timeout
		  Next argument is the number of seconds to wait for responses.  Default is 30 but some systems can be much slower logging in.

	      -su

		  Next	argument is 1 or 0.  If 1, you are additionally prompted for a root password which is used to su after logging in.  root's
		  password is changed rather than the user's.  This is useful for hosts which do not allow root to log in.

HOW TO USE

       The best way to run Passmass is to put the command in a one-line shell script or alias.	Whenever you get a new account on a  new  machine,
       add the appropriate arguments to the command.  Then run it whenever you want to change your passwords on all the hosts.

CAVEATS

       Using  the  same  password on multiple hosts carries risks.  In particular, if the password can be stolen, then all of your accounts are at
       risk.  Thus, you should not use Passmass in situations where your password is visible, such as across a network which hackers are known	to
       eavesdrop.

       On  the	other  hand,  if you have enough accounts with different passwords, you may end up writing them down somewhere - and that can be a
       security problem.  Funny story: my college roommate had an 11"x13" piece of paper on which he had listed accounts and passwords all  across
       the  Internet.	This  was  several  years worth of careful work and he carried it with him everywhere he went.	Well one day, he forgot to
       remove it from his jeans, and we found a perfectly blank sheet of paper when we took out the wash the following day!

SEE ALSO

       "Exploring Expect: A Tcl-Based Toolkit for Automating Interactive Programs" by Don Libes, O'Reilly and Associates, January 1995.

AUTHOR

       Don Libes, National Institute of Standards and Technology

								  7 October 1993						       PASSMASS(1)
All times are GMT -4. The time now is 09:58 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy