LinuxQuestions.org
12-10-2012, 08:24 AM   #1
CWood
Member
 
Registered: Oct 2011
Distribution: Slackware 13.37
Posts: 39

Control what users can su into


Hi guys, I'm currently in the midst of doing a bit of network admin, in preparation to go live in the near future. In the process, a good portion of that is hardening the server.

My question is: currently I have a user, ssh, that is the only user that can be sshed into. Idea being, it will be more secure. I want to set up this account with NO permissions, other than read/write from its home directory, and su to rootl1. The rootl1 account will be able to access the web server root directory, with read/write permissions, but cannot delete anything. This can su into rootl2, which can delete stuff, but everything is backed up before modifications. This can su into rootl3, and, well, you get the idea.

My question is, how can I make it so that accounts can only su into certain other accounts, and no others? So ssh can su into rootl1, but can only get to rootl2 by going through rootl1 (the idea being that if someone can get into ssh, they would need a bunch more passwords to be able to do anything bad).
 
12-11-2012, 03:05 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,379

The permission to write is the same as deleting, there is no difference in principle between these things.

You certainly can't do this with su, that's not a legitimate use of it. Your best bet is to look at sudo instead, and restrict their access that way. Don't allow the user to become anyone else, allow them to perform specific operations as another user. Your multiple root principle sounds kinda... quirky... :s
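
A sudoers fragment along the lines of the reply above, added here as an example that is not part of the original thread: the login account runs fixed operations as the tiered accounts instead of becoming them, and each tier still needs its own password. The account names ssh, rootl1 and rootl2 come from the question; the file name and script paths are assumptions.

```sudoers
# /etc/sudoers.d/webadmin   (assumed file name; requires an #includedir
# line for /etc/sudoers.d in /etc/sudoers)
# Edit with:      visudo -f /etc/sudoers.d/webadmin
# Syntax check:   visudo -cf /etc/sudoers.d/webadmin

# Too broad: either rule hands ssh an unrestricted rootl1 session, which is
# the "become another user" pattern the reply advises against.
#   ssh ALL = (rootl1) ALL
#   ssh ALL = (rootl1) /bin/su, /bin/sh, /bin/bash

# Specific operations instead. The scripts are hypothetical; they should be
# owned by root and not writable by ssh, rootl1 or rootl2, otherwise the
# caller can replace them and run anything as the target account.
Cmnd_Alias WEB_EDIT   = /usr/local/sbin/web-publish, /usr/local/sbin/web-reload
Cmnd_Alias WEB_DELETE = /usr/local/sbin/web-backup-and-remove

# Prompt for the password of the account named with -u rather than the
# caller's own, so each tier keeps a separate secret.
Defaults:ssh targetpw

# Do not cache a successful authentication; every sudo call prompts again.
Defaults:ssh timestamp_timeout=0

# Tier 1: read/write operations on the web root, run as rootl1.
#   sudo -u rootl1 /usr/local/sbin/web-publish
ssh ALL = (rootl1) WEB_EDIT

# Tier 2: removal, run as rootl2; the script takes its backup first.
#   sudo -u rootl2 /usr/local/sbin/web-backup-and-remove
ssh ALL = (rootl2) WEB_DELETE
```

`sudo -l` run as the ssh account lists exactly these commands and the accounts they run as, and each invocation is logged by sudo with the caller, target user and command.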
 
  


All times are GMT -5.
