Unable to switch to a specific user using su - even though the initial user is included in the IDM HBAC rule
Issue
Account user1 is unable to switch to user2 or execute a command as user2 using either `su - user2` or `su - user2 -c "command"`.
The HBAC rule is defined as follows:
# ipa hbacrule-show allow_su
Rule name: allow_su
Enabled: TRUE
Users: user1, user3
Hosts: idmclient01.localdomain
Services: sshd, su-l, su
Environment
- Red Hat Enterprise Linux (RHEL) 7.x
- Red Hat Identity Management (IDM)