Previous Topic: Set User ID Substitution RulesNext Topic: Set Basic User Substitution Rules


How to Set Up sesu for User Substitution

By default, the sesu utility is marked in the file system so that no one can run it. Before you make sesu available to your users, you must set database rules to ensure it is used safely. You then need to lock the system's su utility so that users are forced to use the CA ControlMinder sesu utility instead.

To set up sesu, do the following:

  1. Set basic user substitution rules.
  2. Replace the system's su utility with the CA ControlMinder sesu utility.
  3. Prevent users from running the system's su utility.

Note: After you complete this setup, when CA ControlMinder is running the system's su utility will not execute and users will be forced to use the secured sesu utility. When CA ControlMinder is not running, the system's su utility will work.