AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
Back to discussions
Expand all | Collapse all

How to see all "su" is associated with root user in commandline mode.

  • 1.  How to see all "su" is associated with root user in commandline mode.

    Posted Wed April 08, 2009 03:32 AM

    Originally posted by: SystemAdmin


    Administrator will give the access to set the "su" to root or other group to logon onto get the access. I would like to know in single server there are more than 1000 users created. To get the information those are previlize to su for root or equilent to root. Is there any command line to display to get the all users information equal to root access only.


  • 2.  Re: How to see all "su" is associated with root user in commandline mode.

    Posted Wed April 08, 2009 06:44 AM

    Originally posted by: SystemAdmin


    The default in AIX security is attribute "sugroups=ALL" for ALL users.
    This means ALL users grant access "su" to ALL groups.

    This default attribute is defined in /etc/security/user in
    the "default" stanza

    Display command for this attribute for ALL users:
    lsuser -a sugroups ALL

    Display command for root user:
    lsuser -a sugroups root

    If you want that only one group (example: group SUADMIN) "su" to root, you must change the attribute sugroups=SUADMIN to root only.
    All users from SUADMIN group would have access to root user through "su".

    All users that had executed "su" to root, are logged in /var/adm/sulog file.

    There are many security issues and you can consult them in the InfoCenter for AIX.

    Regards.
    Silvia.


Related Content