SSH Sudo Execution or SU Utility Execution

Control elevated privilege in an SSH/SU session (sudo execution or directly executing the su utility).

PAM includes an option that controls whether the command used to elevate privilege in an SSH/SU session runs through sudo or executes the su utility directly.

With this option enabled, the system uses the exec sudo su - user command to elevate user privilege instead of the default exec su - user command.

 

The option is controlled by a custom record-level field on the Unix with SU record type or its inherited derivatives. The field is defined as follows:

  • Field Type: Checkbox
  • Name: sudo
  • Display Name: Use sudo
  • Order: 620

You will need to create this custom field within a Record Type. To learn about creating custom fields, please review this article.

Now, within the record that uses the Record Type with this custom field, you will have a checkbox option named Use sudo.

  • When Use sudo is enabled (checked), PAM will authenticate sudo su with the User password.

  • When Use sudo is disabled (unchecked), PAM will authenticate su with the SU User password.

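The two elevation paths leave different traces on the target host, which matters when auditing which one a record actually used. The following is an added example, not code from PAM or from this article: it classifies elevations from auth-log lines, assuming the common Linux sudo and pam_unix log layouts and a su binary at /bin/su or /usr/bin/su. All host, user and log values are constructed.

```python
import re

# Constructed sample lines in the usual Linux auth-log layout (assumption,
# not taken from the article). alice elevates with "sudo su - oracle",
# bob with a direct "su - oracle", carol runs an unrelated sudo command.
SAMPLE_LOG = """\
Mar  4 10:01:12 host1 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su - oracle
Mar  4 10:01:12 host1 su[2101]: pam_unix(su-l:session): session opened for user oracle by alice(uid=0)
Mar  4 10:07:40 host1 su[2188]: pam_unix(su-l:session): session opened for user oracle by bob(uid=1002)
Mar  4 10:09:03 host1 sudo:   carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
"""

# sudo records the invoking user and the resolved command it ran.
SUDO_SU = re.compile(
    r"\bsudo(?:\[\d+\])?:\s+(?P<who>\S+) : .*?"
    r"COMMAND=(?:/usr)?/bin/su - (?P<target>\S+)\s*$"
)

# pam_unix records a login-shell su session; the uid is that of the caller.
# Newer pam versions also print "(uid=N)" after the target user.
DIRECT_SU = re.compile(
    r"\bsu(?:\[\d+\])?: pam_unix\(su-l:session\): session opened for user "
    r"(?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<who>[^\s(]*)\(uid=(?P<uid>\d+)\)"
)

def classify_elevations(log_text):
    """Return (path, invoking_user, target_user) for each elevation found."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_SU.search(line)
        if m:
            events.append(("sudo su", m["who"], m["target"]))
            continue
        m = DIRECT_SU.search(line)
        # uid=0 means su was started by root, which is what "sudo su"
        # produces; that elevation is already attributed by the sudo line.
        if m and m["uid"] != "0":
            events.append(("su", m["who"], m["target"]))
    return events

if __name__ == "__main__":
    for path, who, target in classify_elevations(SAMPLE_LOG):
        print(f"{who} -> {target} via {path}")
```
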