Functionality of sesu tool in access control

Document ID : KB000012684
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

I have seen a question With sesu, which is that you can sesu to another user and despite it still gets logged as Your user and not elevate Your permissions, It is a problem when it comes to the /home-folder. If I sesu to another member, I can see and edit the rsa-keys of other users.

 

What can i do to fix this problem?

 

Answer:

It is normal that everyone who can execute sesu can surrogate to anybody - you need to setup according rules in selang to prevent this - only authorise who is supposed to run it