Issue changing user using CA Privileged

Article ID: 248499


Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

 

Some time ago we opened a case because, when we use the binary /usr/local/pr/CM/AC/AccessControl/bin/sesu, the limit values are not loaded:

Example:

If we change user using the sesu binary, we inherit the limits from the first user:

[limdb601:/us/gr_segl] #/usr/local/pr/CM/AC/AccessControl/bin/sesu - /us/xpmgdb01

Please enter your password:

[limdb601:/us/xpmgdb01] # ulimit -n

1024

As you can see, if we change user without sesu, the limits are loaded correctly:

ROOT.xe37622.limdb601./us/gr_segl>id

uid=0(root) gid=0(root) groups=0(root)

ROOT.xe37622.limdb601./us/gr_segl>su - xpmgdb01

[limdb601:/us/xpmgdb01] # ulimit -n

64000

 

 

                                     

Environment

Release : 12.8

Component : CA ControlMinder - Unix

Cause

To address this problem, you advised us to make this change:

er config seos.ini section(sesu) token(old_sesu) value(no)

This solved the problem, but now when we try to change user, a denial is generated:

/usr/local/pr/CM/AC/AccessControl/bin/sesu - xpmgdb01

Please enter your password:

sesu_grmodb: line 23: 83232: Killed

When we search for the denial, we see this:

14 Jun 2022 09:19:43 D SURROGATE    xe37622    Read       69  2 USER.root            /usr/bin/ksh93                         xe37622

                                  

We don’t understand why Access Control denied the change of user to root when we are trying to change to user xpmgdb01 (this user isn’t uid 0); we believe that Access Control isn’t working correctly.

 

Resolution

The issue can be solved by instructing users to create a sudo when they launch /usr/bin/sesu_grmodb.
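For triaging denials like the SURROGATE record quoted under Cause, the following added example (not part of the original article and not vendor code) parses audit lines of that shape and flags denied surrogate requests whose target differs from the user the operator meant to switch to. The field names, in particular `stage`, `reason` and `trailer`, are assumptions inferred from the single record on this page; the second sample line is constructed.

```python
import re

# Field layout assumed from the one audit record quoted in this article:
# date, time, result, class, accessor, access, two numeric codes,
# resource, program, trailing user field. Names are illustrative.
AUDIT_RE = re.compile(
    r"^(?P<date>\d{1,2} \w{3} \d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<result>[A-Z])\s+(?P<cls>\S+)\s+(?P<accessor>\S+)\s+(?P<access>\S+)\s+"
    r"(?P<stage>\d+)\s+(?P<reason>\d+)\s+(?P<resource>\S+)\s+"
    r"(?P<program>\S+)\s+(?P<trailer>\S+)\s*$"
)

def parse_audit_line(line):
    """Return the record's fields as a dict, or None if the line does not match."""
    m = AUDIT_RE.match(line.strip())
    return m.groupdict() if m else None

def surrogate_denials(lines, intended_target):
    """Collect denied SURROGATE records and mark unexpected target users."""
    findings = []
    for line in lines:
        rec = parse_audit_line(line)
        if not rec or rec["result"] != "D" or rec["cls"] != "SURROGATE":
            continue
        # SURROGATE resources are named USER.<name> or GROUP.<name>.
        kind, _, target = rec["resource"].partition(".")
        rec["target_kind"] = kind
        rec["target"] = target
        rec["unexpected_target"] = kind == "USER" and target != intended_target
        findings.append(rec)
    return findings

SAMPLE = [
    # Record quoted in the article.
    "14 Jun 2022 09:19:43 D SURROGATE    xe37622    Read       69  2 "
    "USER.root            /usr/bin/ksh93                         xe37622",
    # Constructed non-SURROGATE denial, to show the class filter.
    "14 Jun 2022 09:20:01 D FILE         xe37622    Write      69  2 "
    "/tmp/constructed.txt /usr/bin/ksh93                         xe37622",
    # Terminal noise that is not an audit record.
    "Please enter your password:",
]

if __name__ == "__main__":
    for f in surrogate_denials(SAMPLE, intended_target="xpmgdb01"):
        print(f["date"], f["time"], f["accessor"], "->", f["target"],
              "via", f["program"], "unexpected:", f["unexpected_target"])
```

For the article's record this reports accessor xe37622, target root and program /usr/bin/ksh93, with the target flagged as unexpected for an intended switch to xpmgdb01.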