HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)
s
security(4) security(4)
passwd -w option can be used to override this value for a specific user.
PASSWORD_WARNDAYS=
N Users are warned N days before their password expires.
Default value:
PASSWORD_WARNDAYS=0
(no warning)
RSH_SECURITY
This parameter controls how login filters environment variables passed to restricted
shells, for example, rksh.
Note: This parameter is supported by login patch PHCO_23900 or later.
RSH_SECURITY=0
All variables except SHELL and PATH can be set.
RSH_SECURITY=1
All variables except SHELL, PATH, IFS, HOME and
ENV can be
set.
RSH_SECURITY=2
Only TERM and DISPLAY can be set.
Default value:
RSH_SECURITY=2
SU_KEEP_ENV_VARS
This parameter forces su to propagate certain ’unsafe’ environment variables to its children
despite the security risk of doing so.
Note: This parameter is supported by the su patch PHCO_27781 or later.
By default, su does not export the environment variables LD_LIBRARY_PATH
,
SHLIB_PATH or LD_PRELOAD because they could be maliciously misused. Any combina-
tion of these can be specified in this entry, with a comma separating the variables.
Currently no other environment variables may be specified in this way. This may change
in future HP-UX releases as security needs require.
SU_KEEP_ENV_VARS=
var1,var2,...varN
Default value: If this parameter is not defined or if it is commented out, none of these three
environment variables will be propagated by the
su command.
SU_ROOT_GROUP
This parameter defines the root group name for the su command. Refer to su(1).
SU_ROOT_GROUP=group_name The root group name is set to the specified symbolic
group name. The
su command enforces the restriction that a non-superuser must be a
member of the specified root group to be allowed to su to root. This does not alter pass-
word checking.
Default value: If this parameter is not defined or if it is commented out, there is no default
value. In this case, a non superuser is allowed to su to root without being bound by root
group restrictions.
SU_DEFAULT_PATH
This parameter defines a new default PATH environment value to be set when su
to a
non-superuser account is done. Refer to su(1).
SU_DEFAULT_PATH=new_PATH
The PATH environment variable is set to new_PATH when the su command is invoked.
The path value is not validated. This parameter does not apply to a superuser account, and
is applicable only when the "-" option is not used with the su command.
Default value: If this parameter is not defined or if it is commented out, PATH is not
changed.
AUTHOR
The security file was developed by HP.
FILES
/etc/default/security
SEE ALSO
login(1), passwd(1), su(1), init(1M), pam_unix(5).
Section 4−−276 Hewlett-Packard Company − 3 − HP-UX 11i Version 1: September 2005