Implementation question regarding surrogate policies
Would you have an example of an AC policy which would allow you to be able to surrogate to a local Unix account but to no other one? Or a link with some hints?
Release: 4.1
Finally implemented the following policy:
er PROGRAM /opt/CA/PAMSC/bin/sesu owner(nobody) defaccess(N) trust
auth PROGRAM /opt/CA/PAMSC/bin/sesu xgid(******) acc(A)
er SURROGATE USER._default defaccess(n)
er SURROGATE USER.root defacc(n)
auth SURROGATE USER.root xgid(*******) acc(A)
er SURROGATE USER.ans defacc(n)
auth SURROGATE USER.ans xuid(*****) acc(a)
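A way to sanity-check a policy shaped like the one above before loading it, as an added example that is not part of the original post or of the product: a small Python parser that confirms every record defaults to no access and lists who may surrogate to which target. It assumes that `n`/`none` means no access and that `USER._default` covers targets without their own SURROGATE record; the accessor names `unixadmins` and `jdoe` are constructed placeholders for the masked IDs.

```python
import re

# Constructed sample: the policy from the post, with the masked IDs
# replaced by hypothetical placeholder names (unixadmins, jdoe).
POLICY = """\
er PROGRAM /opt/CA/PAMSC/bin/sesu owner(nobody) defaccess(N) trust
auth PROGRAM /opt/CA/PAMSC/bin/sesu xgid(unixadmins) acc(A)
er SURROGATE USER._default defaccess(n)
er SURROGATE USER.root defacc(n)
auth SURROGATE USER.root xgid(unixadmins) acc(A)
er SURROGATE USER.ans defacc(n)
auth SURROGATE USER.ans xuid(jdoe) acc(a)
"""

# Accept the abbreviated and full spellings used in the post.
DEFACC = re.compile(r"\bdefacc\w*\((\w+)\)", re.I)
GRANT = re.compile(r"\b(x?[ug]id)\((\S+?)\)\s+acc\w*\((\w+)\)", re.I)

def parse(policy):
    """Return {(class, resource): {"default": str|None, "grants": [...]}}."""
    rules = {}
    for line in policy.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].lower() not in ("er", "auth"):
            continue
        rec = rules.setdefault((parts[1].upper(), parts[2]),
                               {"default": None, "grants": []})
        rest = " ".join(parts[3:])
        if parts[0].lower() == "er":
            m = DEFACC.search(rest)
            if m:
                rec["default"] = m.group(1).lower()
        else:
            m = GRANT.search(rest)
            if m:
                rec["grants"].append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return rules

def audit(policy):
    """List findings that would leave surrogation wider than intended."""
    rules, findings = parse(policy), []
    if ("SURROGATE", "USER._default") not in rules:
        findings.append("no SURROGATE USER._default record")
    for (cls, name), rec in sorted(rules.items()):
        if rec["default"] not in ("n", "none"):
            findings.append(f"{cls} {name}: default access is {rec['default']}")
    return findings

def allowed_targets(policy):
    """Map each SURROGATE target to the accessors explicitly granted access."""
    return {name: [g[1] for g in rec["grants"]]
            for (cls, name), rec in parse(policy).items()
            if cls == "SURROGATE" and rec["grants"]}
```

An empty list from `audit(POLICY)` means every record is default-deny; `allowed_targets(POLICY)` shows the only explicit surrogate grants.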