LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-29-2010, 01:46 AM   #1
fernfrancis
Member
 
Registered: Feb 2009
Location: Goa(India)-Sharjah(UAE)
Distribution: RHEL,centos,fedora,ubuntu
Posts: 229

Rep: Reputation: 18
disable su command


hi
i want to disable the su command on a server so that users cant run the su command
i removed the comment from the 3 and 5 line in /etc/pam.d/su file but it doesnt seem to work the file is shown below

#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
~

please help
 
Old 04-29-2010, 01:55 AM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hello,

What distro is the server running on?

Kind regards,

Eric
 
Old 04-29-2010, 01:55 AM   #3
fernfrancis
Member
 
Registered: Feb 2009
Location: Goa(India)-Sharjah(UAE)
Distribution: RHEL,centos,fedora,ubuntu
Posts: 229

Original Poster
Rep: Reputation: 18
Centos 5.4
 
Old 04-29-2010, 02:07 AM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hello,

I don't know if you can disable su entirely, probably there is a way. But there is an easier way to disable the use of su for all users.
Code:
cd /etc/pam.d/
vi su
(or any other editor you prefer), and uncomment the line
Code:
auth           required        pam_wheel.so use_uid
This requires the user to be in the 'wheel' group in order to be able to run 'su'. Default only root is in that group.

Hope that helps.

Kind regards,

Eric
 
Old 04-29-2010, 02:35 AM   #5
fernfrancis
Member
 
Registered: Feb 2009
Location: Goa(India)-Sharjah(UAE)
Distribution: RHEL,centos,fedora,ubuntu
Posts: 229

Original Poster
Rep: Reputation: 18
as stated above i have dont the changes u stated but it doesnt work so i posted this request
 
Old 04-29-2010, 02:48 AM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Silly question: if the users don't know the password of the target
user (I presume root?) ... what is the problem with them running su?


Cheers,
Tink
 
Old 04-29-2010, 02:50 AM   #7
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hi,

Sorry about that, I really have to start opening my eyes before posting

Is there anything showing in the logs when a user tries to 'su'? I think pam saves to the /var/log/secure log.

Kind regards,

Eric
 
Old 04-29-2010, 02:57 AM   #8
fernfrancis
Member
 
Registered: Feb 2009
Location: Goa(India)-Sharjah(UAE)
Distribution: RHEL,centos,fedora,ubuntu
Posts: 229

Original Poster
Rep: Reputation: 18
problem solved it worked just restarted
 
Old 04-29-2010, 02:59 AM   #9
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hi,

Great, the most common problem after changing configuration: not restarting the service in question to apply the changes. Happened to me more then once in the past too. Glad it works.

If you consider your question/problem solved then please mark this thread as such using the Thread Tools.

Kind regards,

Eric

Last edited by EricTRA; 04-29-2010 at 03:00 AM. Reason: Jumped the gun; you already marked it SOLVED. Great!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Been hacked?, was: How to disable rm command for an user hansemmanuel Linux - Security 26 04-12-2010 04:17 AM
Temporary Disable History Command leebrent Linux - Security 1 02-11-2008 09:54 PM
dbx command for corrosponding commands disable or disable on gdb bshankha AIX 0 09-26-2006 10:38 AM
looking for a enable/disable mouse command to X samel_tvom Linux - Hardware 2 03-03-2005 12:00 PM
How to disable beep in command line Backstander Linux - General 6 09-12-2004 03:11 PM


All times are GMT -5. The time now is 10:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration