HP-UX Containers (SRP) A.03.01 Administrator's Guide

8 Using the srp_su command
The srp_su command executes the su(1) command in the specified container. It can be used to
log in to a container or to execute a single command before returning to the global view. You must
execute the srp_su command from within the global view.
The srp_su command has the following syntax:
srp_su container_name [su_arguments]
Where:
container_name Specifies the name of the target container.
su_arguments Specifies any valid su(1) arguments.
8.1 Allowing additional users to use the srp_su command
Only users with the hpux.srp.exec authorization are allowed to use the srp_su command. By
default, only the root user has this authorization for all containers on the system.
To allow additional users to use the srp_su command, you must create a new RBAC role and assign
the role to the additional users, as follows:
1. Assign a role to each user:
# roleadm assign user_name newRole
NOTE: Repeat step 1 for each additional user.
In this example, the root user establishes a session as root in the target container. The root user
logs in to the myContainer container from the global view:
# srp_su - myContainer
To authorize the non-root user admin1 to log in to a container using the srp_su
command, follow these steps:
1. Assign the SRPsu-myContainer role to user admin1:
# roleadm assign admin1 SRPsu-myContainer
To verify that the role was assigned to admin1 in the global view, change the user ID to admin1.
Then use the srp_su command to create a login session in myContainer, as follows:
# srp_su myContainer - admin1
Entering the correct admin1 password allows admin1 to log in to the container myContainer.
NOTE: The audit records of the srp_su target user are attributed to the source user (the user running
the srp_su command). To attribute the audit records to the target user instead of the source user,
add the line SU_AUDIT_TAG=1 in the global /etc/default/security file.
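The following check is an added example, not part of the HP guide: it reports whether srp_su audit records will be attributed to the source or the target user, based on SU_AUDIT_TAG in a security defaults file. The function name su_audit_attribution and the "conflict" result are assumptions of this example; the guide does not say how duplicate entries are resolved, so differing duplicates are flagged for review. The file is assumed to hold PARAM=value lines with # comments.

```shell
#!/bin/sh
# Added example: audit the SU_AUDIT_TAG setting described in the NOTE above.
# Prints one of:
#   target     - SU_AUDIT_TAG=1 is set (records attributed to the target user)
#   source     - parameter absent, commented out, or not 1 (the default)
#   conflict   - parameter assigned more than once with differing values
#   unreadable - the file cannot be read
su_audit_attribution() {
    file=${1:-/etc/default/security}
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 0
    fi
    awk '
        {
            sub(/#.*/, "")                    # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "")       # strip surrounding blanks
        }
        /^SU_AUDIT_TAG=/ {
            v = $0
            sub(/^SU_AUDIT_TAG=/, "", v)
            if (!(v in seen)) { seen[v] = 1; n++ }
            last = v
        }
        END {
            if (n > 1)            print "conflict"
            else if (last == "1") print "target"
            else                  print "source"
        }' "$file"
}

# Constructed sample file (not taken from a real system): the setting is
# present but commented out, so the default attribution still applies.
sample=${TMPDIR:-/tmp}/security.sample.$$
cat > "$sample" <<'EOF'
# /etc/default/security (constructed sample)
ABORT_LOGIN_ON_MISSING_HOMEDIR=0
#SU_AUDIT_TAG=1
EOF
echo "sample file: $(su_audit_attribution "$sample")"
rm -f "$sample"
```

Run it in the global view with no argument to check /etc/default/security itself.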