disable su command
 

hi
i want to disable the su command on a server so that users cant run the su command
i removed the comment from the 3 and 5 line in /etc/pam.d/su file but it doesnt seem to work the file is shown below

#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
~

please help

Hello,

What distro is the server running on?

Kind regards,

Eric

Centos 5.4

Hello,

I don't know if you can disable su entirely, probably there is a way. But there is an easier way to disable the use of su for all users.
(or any other editor you prefer), and uncomment the line
This requires the user to be in the 'wheel' group in order to be able to run 'su'. Default only root is in that group.

Hope that helps.

Kind regards,

Eric

as stated above i have dont the changes u stated but it doesnt work so i posted this request

Silly question: if the users don't know the password of the target
user (I presume root?) ... what is the problem with them running su?


Cheers,
Tink

Hi,

Sorry about that, I really have to start opening my eyes before posting :doh:

Is there anything showing in the logs when a user tries to 'su'? I think pam saves to the /var/log/secure log.

Kind regards,

Eric

problem solved it worked just restarted

Hi,

Great, the most common problem after changing configuration: not restarting the service in question to apply the changes. Happened to me more then once in the past too. Glad it works.

If you consider your question/problem solved then please mark this thread as such using the Thread Tools.

Kind regards,

Eric