Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
hehe I'm going to tell you another way to do it even though I am at risk of getting stoned to death for it. This is 'old-school' and most people have a problem with it.
What you do is create a group, usually called 'wheel', and add all the users you want to have access to the su command to the wheel group. Then chgrp su to the wheel group and chmod su so that only the owner and group have execute privelages.
Thanks all, these all seem like good solutions. I was able to correctly chmod su, but it kinda opened a bigger whole, because now, I can just do sudo su without having to enter any password at all. I'll try messing around with pam.d/su
Not to get too far off topic, but I don't really see what's so bad about a wheel group.
Admins get a certain amount of privilege that users don't. It's the way it works. Although I've only been on university networks mostly. It keeps a few bad apples from destroying the network and preventing other students from doing work. And I don't really need to be running most of those commands myself, anyway.
Then there's the argument of too many cooks in the kitchen...
Originally posted by cuckoopint its not 'old school'. Its the terrible, terrible way.
sudo has eliminated the need for a wheel group, and I still am to hear of a good argument for it.
btw, how does your suggestion differ from my 'sudo + chmod' suggestion (except for the fact that it uses sudo instad of a wheel group)?
I was simply just throwing another option out there for Itzac. If you are going to say that the technique I suggested is 'the terrible, terrible way' then you should tell us why you think it is so terrible. Not that I disagree with you but I'd like to here your thoughts on why it is so inferior to sudo.
Not to get too far off topic, but I don't really see what's so bad about a wheel group.
<OT>
here's basically my problem with a wheel group:
there is an assumption that some people just need more power than others, and therefore get special privileges. The easiest example cited is a network admin. Now, I understand that people (except for root) may need some permissions that most can't.
The difference is sort of subtle. Wheel has some set of commands, etc. and allows everyone in the group to use them. With sudo, you can be more specific. The webmaster may need access to apache, etc. but has no need for backups, etc. While someone may be designated for software, backups - but really have no need for something else. Heck, you can have someone that is only responsible for booting, shutting down, etc. So sudo allows you to specify 'groups' - webmaster, backups, janitor - without worrying that the janitor will accidently screw with the cronjobs for backups, or redesign the webpage. Now, this is a very simplistic model, but hopefully you can spot the difference. Wheel assumes some people just need a bunch of permissions, sudo gives you everything you need to get the job done, and no more.
Hopefully this also answers Crashed_Again. True its a technique. But in my OPINION, its like running su, or just running everything as root - they're both techniques, right?
; )
I guess what it comes down to then is that these are two means to one end. Sudo is just far more precise and refined than Wheel's rock-on-a-stick approach.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.