Prevent Users from Running the System's su Utility
Although the sesu utility is configured, anyone can run su.ORIG (the renamed system su utility), as before, with root's or a user's password. To prevent this, use the PROGRAM class to explicitly prevent su.ORIG execution when Privileged Identity Manager is running.
If you used seuidpgm during Privileged Identity Manager installation and configuration, you do not need to follow this procedure. su will not run because it has been modified (renamed to su.ORIG).
To prevent users from running the system's su utility
- In selang, set Privileged Identity Manager to monitor the renamed su utility, using the following command:
  nr program su_dir/su.ORIG defacc(x) own(nobody)
- Logged in as root, change file access and modification time, using the following command:
  touch su_dir/su.ORIG
  Privileged Identity Manager is watching su.ORIG and, because the file has been touched, will prevent it from being executed.