disable su command
hi
i want to disable the su command on a server so that users cant run the su command i removed the comment from the 3 and 5 line in /etc/pam.d/su file but it doesnt seem to work the file is shown below #%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session optional pam_xauth.so ~ please help |
Hello,
What distro is the server running on? Kind regards, Eric |
Centos 5.4
|
Hello,
I don't know if you can disable su entirely, probably there is a way. But there is an easier way to disable the use of su for all users. Code:
cd /etc/pam.d/ Code:
auth required pam_wheel.so use_uid Hope that helps. Kind regards, Eric |
as stated above i have dont the changes u stated but it doesnt work so i posted this request
|
Silly question: if the users don't know the password of the target
user (I presume root?) ... what is the problem with them running su? Cheers, Tink |
Hi,
Sorry about that, I really have to start opening my eyes before posting :doh: Is there anything showing in the logs when a user tries to 'su'? I think pam saves to the /var/log/secure log. Kind regards, Eric |
problem solved it worked just restarted
|
Hi,
Great, the most common problem after changing configuration: not restarting the service in question to apply the changes. Happened to me more then once in the past too. Glad it works. If you consider your question/problem solved then please mark this thread as such using the Thread Tools. Kind regards, Eric |
All times are GMT -5. The time now is 01:36 PM. |