su (-) command

Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users su (-) command
# 1  
Old 09-06-2002
su (-) command

With the su command you can switch to any user on system, if you know his password.. Example: "su - root" switches to the root user.
This way the profile of the user (here root) will be loaded and you will get the rights of root. But if you enter "su root" (without "-") you just get the rights of root, but you don't actually load his profile..
Now I need a way, so that the user can't use the command without the "-". Example: "su - root" is possible and "su root" should not be possible!
Has anybody got an idea, how I can solve this problem?
# 2  
Old 09-06-2002
you can restrict them from the command buy you cant restrict them from the options of the command.
# 3  
Old 09-06-2002
I can't phantom why you would want to do this.

You could set up a script or executable to replace the su command so that it gets executed instead, looks for the $1 option and if it's a - , removes it before sending the information to the real su

# mv /bin/su /bin/oldsu
# cp /mynewsu /bin/su
# su - joeuser

Your script would have to be able to receive the two parameters.
Logic would remove the -, and then run /bin/oldsu with the parameter joeuser (if there was no userid, then root).

Of course, a person that can list /bin could see the /bin/oldsu and run it directly. There would be no real way to get rid of that problem.

Your best bet would be to get sudo or some other program. Also any upgrades or patches added to the server may replace your su program.

But this could possibly be done. I have never done it but it's one idea. I wouldn't recommend it even though I put it out here.
# 4  
Old 09-06-2002
I've just thought of that idea, after I posted here.. Thanx anyway, it works!
# 5  
Old 09-06-2002
IMHO, I think you need to restrict root access more. But that's just me. Smilie

Also, typically you don't need to use su - root. You can just type su - and this will fault to root, at least on HPUX. You only need to specify su - username for any other user besides root. Again this is my experience on HPUX. Smilie

Your answer is to alias su to su -, which you probably already figured out. You can overwrite a command by aliasing it. When you remove the alias the original command takes over again.

alias su=`su -`#syntax depends on OS version #those are backtics

# 6  
Old 09-06-2002

Setting a alias such as you suggest brings about a problem - if the alias is set and the user still does su -, the system will think the user wants to su - to userID - (which it then informs you does not exist).

medusa% alias su 'su -'
medusa% su
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
# exit
medusa% su -
su: Unknown id: -

You at least read the post more carefully than I as I thought the PzYon wanted it so they could not do su -. The logic in the script could still be done. The alias solution might work but a more intracate solution would be needed.
# 7  
Old 09-09-2002
to be perfectly in control ... script it...

something in a script would be more reliable. Then you could take whatever was entered after "su" as variables.

You would have to move the su binary somewhere out of the PATH and then create a script in the original location called "su".

Then anything after the command will be read as input which you can then force the result you want by coding it in a script.

This should be fairly easy to do probably only 20 lines or so.

My 2K anyway.Smilie

Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Another one line command where I'd like to determine if Ubuntu or Red Hat when running command

Hello Forum, I'm making very good progress on my report thanks to the very helpful people on this forum. I've been able to successfully create my report for my Red Hat servers. But I do have a few ubuntu servers in the mix and I'd like to capture some data from them when an ssh connection is... (8 Replies)
Discussion started by: greavette
8 Replies

2. AIX

I'm facing problem with rpm command, when running the command and appears this error:

exec(): 0509-036 Cannot load program /usr/opt/freeware/bin/rpm because of the following errors: 0509-022 Cannot load module /opt/freeware/lib/libintl.a( 0509-150 Dependent module /opt/freeware/lib/libiconv.a(shr4.o) could not be loaded. 0509-152 Member... (4 Replies)
Discussion started by: Ohmkar
4 Replies

3. Shell Programming and Scripting

Multiple command execution inside awk command during xml parsing

below is the output xml string from some other command and i will be parsing it using awk cat /tmp/alerts.xml <Alert id="10102" name="APP-DS-ds_ha-140018-componentFailure-S" alertDefinitionId="13982" resourceId="11427" ctime="1359453507621" fixed="false" reason="If Event/Log Level(ANY) and... (2 Replies)
Discussion started by: vivek d r
2 Replies

4. Shell Programming and Scripting

SH script, variable built command fails, but works at command line

I am working with a sh script on a solaris 9 zone (sol 10 host) that grabs information to build the configuration command line. the variables Build64, SSLopt, CONFIGopt, and CC are populated in the script. the script includes CC=`which gcc` CONFIGopt=' --prefix=/ --exec-prefix=/usr... (8 Replies)
Discussion started by: oly_r
8 Replies

5. UNIX for Dummies Questions & Answers

passing command output from one command to the next command in cshell

HI Guys, I hope you are well. I am trying to write a script that gets executed every time i open a shell (cshell). I have two questions about that 1) I need to enter these commands $ echo $DISPLAY $ setenv $DISPLAY output_of_echo_$display_command How can i write a... (2 Replies)
Discussion started by: kaaliakahn
2 Replies

6. UNIX for Advanced & Expert Users

unix command : how to insert text at the cursor location via command line?

Hi, Well my title isn't very clear I think. So to understand my goal: I have a script "test1" #!/bin/bash xvkbd -text blabla with xbindkeys, I bind F5 key in order it runs my test1 script So when I press F5, test1 runs. I'm under Emacs/Vi and I press F5 in order to have "blabla" be... (0 Replies)
Discussion started by:
0 Replies

7. Shell Programming and Scripting

Need help! command working ok when executed in command line, but fails when run inside a script!

Hi everyone, when executing this command in unix: echo "WM7 Fatal Alerts:", $(cat query1.txt) > a.csvIt works fine, but running this command in a shell script gives an error saying that there's a syntax error. here is content of my script: tdbsrvr$ vi "" 22 lines, 509... (4 Replies)
Discussion started by: 4dirk1
4 Replies

8. AIX

AIX:Command to get netaddress/subnet address command in IPv4/IP6

AIX:Command to get netaddress/subnet address command in IPv4/IP6 Can anybody help us with a command to retrieve netaddress/subnet address command in IPv4/IP6 on aix machine. net/subnet address is in the format all 255 machines in an IPv4 network) (2 Replies)
Discussion started by: rookie8278
2 Replies

9. Shell Programming and Scripting

assign a command line argument and a unix command to awk variables

Hi , I have a piece of code ...wherein I need to assign the following ... 1) A command line argument to a variable e.g origCount=ARGV 2) A unix command to a variable e.g result=`wc -l testFile.txt` in my awk shell script When I do this : print "origCount" origCount --> I get the... (0 Replies)
Discussion started by: sweta_doshi
0 Replies

10. SuSE

inconsistent ls command display at the command prompt & running as a cron job

Sir, I using the following commands in a file (part of a bigger script): #!/bin/bash cd /opt/oracle/bin ls -lt | tail -1 | awk '{print $6}' >> /tmp/ramb.out If I run this from the command prompt the result is: 2007-05-16 if I run it as a cron job then... (5 Replies)
Discussion started by: rajranibl
5 Replies
Login or Register to Ask a Question