srp_su.1m (2011 09)
SRP_SU(1M) SRP_SU(1M)
NAME
srp_su - Executes the su(1) command in the specified HP-UX Container.
SYNOPSIS
srp_su [-M] <container_name> [<su arguments>]
DESCRIPTION
The srp_su command is used to execute the su(1) command from the global view into the specified target
container. The srp_su command must be executed from within the global view.
Only users with hpux.srp.exec authorization will be allowed to use the srp_su command. By default,
only the user named root will have this authorization for all containers on the system.
OPTIONS
-M Allows srp_su to operate on a container in the maintenance state.
container_name
Name of the target container.
su arguments
Arguments to be passed to the su(1) command in the target container. Any su arguments may be
used.
EXAMPLES
Login from the global view to myContainer as root user:
# srp_su myContainer
Login from the global view to myContainer as admin1 with a new login session in myContainer:
# srp_su myContainer - admin1
Login from global view to myContainer as admin1 and execute the ls command in myContainer:
# srp_su myContainer admin1 -c ls
To allow admin2 to use the srp_su command, create a new RBAC rule that assigns admin2 to the
SRPsu-myContainer role:
# roleadm assign admin2 SRPsu-myContainer
NOTE: You can run this command for each additional user.
SECURITY FEATURES
HP recommends to use the "su -" option to prevent exposing sensitive environment variables to processes
in the target container. The - option will preserve only the TZ, PATH, TERM, LOGNAME, MAIL,
DISPLAY, SHELL, HOME, KRB5CCNAME, INIT_STATE environment variables from the user’s glo-
bal view session.
AUTHOR
srp_su was developed by Hewlett-Packard Company.
SEE ALSO
su(1), srp(1M), srp(5), compartments(5), rbac(5), compartment_login(5), environ(5), authadm(1M),
roleadm(1M).
HP-UX 11i Version 3: September 2011 − 1 − Hewlett-Packard Company 1