LinuxQuestions.org
Old 03-22-2012, 11:44 AM   #1
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Rep: Reputation: 15
Allow specific user to su as well as Wheel Group


My members of the wheel group can su; however, I would like for an additional user to have the ability to su but not be part of the wheel group. New to Linux, so please forgive me. Below is my /etc/pam.d/su configuration file. If it's easier I can create a second group and add this person to the group. I just don't know if I need to add a comma or a semicolon to separate individual groups in the su configuration file.
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so

A million thanks,
Johnny Mac

---------- Post added 03-22-12 at 11:45 AM ----------

Forgot to mention. Using RHEL 5 64bit Workstation
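
How the auth lines of the /etc/pam.d/su posted above are read, as an added example that is not part of any post in this thread: the Python below parses the stack and reports what each active pam_wheel.so line does. The function names are hypothetical, the sample is constructed from the posted file, and only simple control keywords (not bracketed controls) are handled.

```python
# Constructed sample: the auth section of the /etc/pam.d/su posted above.
SAMPLE_SU_PAM = """\
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth include system-auth
"""


def parse_pam(text):
    """Return active (type, control, module, args) entries; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in PAM files
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            # e.g. two fields run together, so the module name is missing
            raise ValueError("malformed PAM line: %r" % raw)
        entries.append((fields[0], fields[1], fields[2], fields[3:]))
    return entries


def wheel_rules(entries):
    """Describe every active pam_wheel.so line in the auth stack, in order."""
    rules = []
    for kind, control, module, args in entries:
        if kind != "auth" or module != "pam_wheel.so":
            continue
        group = "wheel"  # group checked when no group= argument is given
        for arg in args:
            if arg.startswith("group="):
                group = arg.split("=", 1)[1]
        if control == "sufficient" and "trust" in args:
            effect = "members skip the password prompt"
        elif control in ("required", "requisite") and "deny" not in args:
            effect = "non-members are refused"
        else:
            effect = "other"
        rules.append((group, control, effect))
    return rules


if __name__ == "__main__":
    for rule in wheel_rules(parse_pam(SAMPLE_SU_PAM)):
        print(rule)
```
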
 
Old 03-22-2012, 12:55 PM   #2
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,686
Blog Entries: 23

Rep: Reputation: 398
Hi,

This does not have to involve PAM (as far as I can see) but simply a well-tuned user account. Make the new user, add him/her to all the required groups except wheel...better yet, look into sudo instead...

Unless I missed the bat completely here

Thor
 
Old 03-22-2012, 01:12 PM   #3
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15

If I have about 25 to 30 existing users, it seems like a lot of sudo configuring as opposed to creating a group and adding the user to the group along with the group to su configuration file. Am I overthinking sudo?
 
Old 03-22-2012, 01:49 PM   #4
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,686
Blog Entries: 23

Rep: Reputation: 398
Quote:
Am I overthinking sudo?
Not really...but then, making a group that is ... part of other groups and adding users to that group, should in fact have to do as well...
 
Old 03-22-2012, 01:51 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Not necessarily overthinking. Maybe misunderstanding.

Sudo, too, lets you use groups.

PAM, however, doesn't have a facility to elevate random groups' privilege
levels to the best of my knowledge.
 
Old 03-22-2012, 01:53 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally Posted by Thor_2.0
Not really...but then, making a group that is ... part of other groups and adding users to that group, should in fact have to do as well...
The only problem with that is that you can't add groups to groups.
 
Old 03-22-2012, 02:18 PM   #7
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,686
Blog Entries: 23

Rep: Reputation: 398
Quote:
The only problem with that is that you can't add groups to groups
Maybe my misunderstanding...I understood that it is possible to make a group called F, where members/users have access to groups A, B and D, but not C for example...

I may have misunderstood, if so, sorry for my (wrong) input...
 
Old 03-22-2012, 08:11 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
You can't nest groups, but you can put users into multiple groups.
You would just create a sudo_su group, add users to that and define privs for that group (not individual members) in sudoers file
 
1 members found this post helpful.
Old 03-22-2012, 11:47 PM   #9
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,686
Blog Entries: 23

Rep: Reputation: 398
Quote:
You can't nest groups,
Didn't know that...a nifty detail. Thanks for enlightening me
 
  

