While testing sesu operations, we found that sesu was not using the system-defined ulimit for the target user. When services were restarted with that account, the program inherited the original user's ulimit, causing process failures.
Ulimit setting with sesu # 1024
$ ulimit -n
$ sesu - user2
Exampleserver:/home/user2$ ulimit -n
Ulimit setting with sudo # 65000
$ ulimit -n
$ sudo -u user2 /bin/ksh
Enter Windows password for user1:
Exampleserver:/home/user1 $ ulimit -n
There are 2 methods we can use for sesu. The "old_sesu" employs our original method for replicating su functionality. This method did not replicate all features of su. Using this method can be useful for some implementations. The new sesu mechanism calls the native su program to ensure consistency between su and sesu.
CA PIM / CA PAM SC
Release : any
Component : endpoint
To use the new sesu, you need to modify the old_sesu value in the seos.ini and restart seosd.
old_sesu = no
Note: using the new sesu methodology may result in the user being prompted for their password, since that is the default behavior in su. To change this and not require a password prompt, set the following value along with old_sesu in the seos.ini:
request_target_password = no
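
A check for the failure described above, as an added example that is not part of the original article or the product: it reads a process's open-file limit in the Linux /proc/<pid>/limits layout and compares it with the value expected for the account. It assumes a Linux endpoint; the function name check_nofile and the sample text are constructed for illustration.

```shell
#!/bin/sh
# check_nofile EXPECTED
# Reads text in /proc/<pid>/limits layout on stdin and compares the soft
# "Max open files" value with EXPECTED (the limit defined for the account).
# Returns 0 if the limit is at least EXPECTED, 1 if it is lower (the
# inherited-ulimit symptom), 2 if the line is missing.
check_nofile() {
    expected=$1
    # Columns: "Max open files <soft> <hard> files" -> soft limit is field 4.
    soft=$(awk '/^Max open files/ { print $4; found = 1 } END { exit !found }') || {
        echo "UNKNOWN: no 'Max open files' line in input" >&2
        return 2
    }
    if [ "$soft" = "unlimited" ] || [ "$soft" -ge "$expected" ]; then
        echo "OK: soft nofile=$soft (expected >= $expected)"
        return 0
    fi
    echo "LOW: soft nofile=$soft (expected >= $expected)"
    return 1
}

# Constructed samples in /proc/<pid>/limits layout (not captured from a real
# host). The values mirror the article: 1024 under old sesu, 65000 expected.
SAMPLE_LOW='Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files'
SAMPLE_OK='Limit                     Soft Limit           Hard Limit           Units
Max open files            65000                65000                files'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_LOW" | check_nofile 65000 || true
printf '%s\n' "$SAMPLE_OK"  | check_nofile 65000 || true

# On a live Linux host, after restarting a service through sesu:
#   check_nofile 65000 < /proc/<pid>/limits
```

Run it against the PID of each service restarted through sesu, both before and after changing old_sesu, to confirm the service now starts with the account's own limit.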