
sesu - goes directly into root without requesting password


Article ID: 257636


Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

After logging into a server protected with PAMSC and issuing

sesu -

the session goes straight to root, instead of the expected behaviour whereby the password for the user is requested before switching to root.

When this is happening, running sewhoami -a before or after sesu - shows the user issuing the command as already root, not the original user as would be expected.

However, if a session is already open to the same server and PAMSC is restarted, sesu - then works as intended in that first session, and the correct behaviour remains for as long as the session is not closed.

Environment

Release: 14.1 and possibly other releases

Cause

Analysis of the traces shows that most processes are forked from the sshd running on the server, so if sshd is not working properly (due to restarts or other interference), it is possible that it allows this root access.

Resolution

Restarting sshd on the server may restore the correct behaviour.

However, if this is observed on a regular basis, the behaviour of sshd should be investigated, as there may be another underlying problem causing it not to work properly.