- Using SSH, log in remotely to a Solaris AutoSys server as a user with no eTrust Access Control granted rights using SSH
- The Unix commands 'id' and 'whoami' return the correct logged username
- eAC command 'sewhoami' returns 'root' This allows the non-priviledged user to impersonate 'root' and issue any AutoSys commands with full permissions.
The issue described in the summary occurs when SSH is not defined as a default login method in eTrust Access Control.
To update this perform the following command:
er loginappl SSHD loginpath(<full path to login binary>) owner(nobody) defacc (x)
Where 'full path to login binary' points to the SSHD daemon (e.g. /usr/lib/ssh/sshd)