Prevent Users from Running the su Utility of the System

Although the sesu utility is configured, anyone can run su.ORIG (the renamed system su utility) as before, with the password of root or a user. To prevent unauthorized use, use the PROGRAM class to prevent su.ORIG execution when Privileged Access Manager Server Control is running.
If you used seuidpgm during Privileged Access Manager Server Control installation and configuration, you do not need to follow this procedure. su does not run as it has been modified (renamed to su.ORIG).
To prevent users from running the system's su utility:
  1. In selang, set Privileged Access Manager Server Control to monitor the renamed su utility, using the following command:
    nr program su_dir/su.ORIG defacc(x) own(nobody)
  2. Log in as root and change the file's access and modification times, using the following command:
    touch su_dir/su.ORIG
    Privileged Access Manager Server Control is watching su.ORIG and, because the file has been touched, prevents it from being executed.
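
A minimal model of the mechanism this procedure relies on, as an added example and not Privileged Access Manager Server Control code: a registry snapshots a file's attributes when it is registered and refuses execution once they no longer match. The class names, the set of attributes compared, and the temporary su.ORIG stand-in are assumptions made for illustration.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """Attributes recorded at registration (assumed set, for illustration)."""
    size: int
    mtime_ns: int
    mode: int


def snapshot(path):
    st = os.stat(path)
    return Baseline(st.st_size, st.st_mtime_ns, st.st_mode)


class ProgramRegistry:
    """Toy stand-in for a trusted-program table; not the product's code."""

    def __init__(self):
        self._records = {}

    def register(self, path):
        # Models step 1: record the file's state when the rule is created.
        self._records[os.path.realpath(path)] = snapshot(path)

    def may_execute(self, path):
        """Allow a registered file only while it matches its baseline."""
        key = os.path.realpath(path)
        base = self._records.get(key)
        if base is None:
            return True  # unregistered files are outside this model
        return snapshot(key) == base


def demo():
    """Register a constructed su.ORIG stand-in, touch it, and re-check."""
    with tempfile.TemporaryDirectory() as su_dir:
        target = os.path.join(su_dir, "su.ORIG")
        with open(target, "w") as fh:
            fh.write("#!/bin/sh\n")  # constructed placeholder, not a real su
        registry = ProgramRegistry()
        registry.register(target)
        before = registry.may_execute(target)
        # Models step 2 (`touch su_dir/su.ORIG`): only the timestamps change.
        st = os.stat(target)
        os.utime(target, ns=(st.st_atime_ns + 10**9, st.st_mtime_ns + 10**9))
        return before, registry.may_execute(target)
```

In this model the file's contents never change; the timestamp update alone is enough to make the registered file fail its check, which is why the procedure uses touch.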