[SOLVED] Deny specific users to use the su command

emiinfo · 08-27-2016, 05:38 PM

Hello,

how can i deny other users except (user1) using the su command?

here the things which i have tried.

there is a user1 and i have added him to wheel group.
and modified the PAM/su file

removed following line:

[#auth required pam_wheel.so use_uid]

but still othe users are able to use su from there shell

thanks
Amit

frankbell · 08-27-2016, 07:38 PM

Take them out of the wheel group maybe? I know that, on BSD, users must be a member of wheel to use su (only because I've been familiarizing myself with FreeBSD--you must actively add your user to wheel in FreeBSD).

http://www.cyberciti.biz/tips/restri...u-command.html

emiinfo · 08-28-2016, 03:25 PM

hello,
Thanks bro.

but By default all users are allowed to access the su command.even if they are not member of the wheel.

just wnated to allow only one user to access the su.

thanks
Amit

descendant_command · 08-28-2016, 03:29 PM

emiinfo · 08-28-2016, 04:12 PM

Hello,

I don't know , i am using RH 6

please help me solving this issue

astrogeek · 08-28-2016, 04:13 PM

You do that by NOT giving them the passwords of other users - especially root.

emiinfo · 08-28-2016, 04:22 PM

ok.. that is fine. but whenever users type su commd in there shell its promting to type password.
and i wnat them not to execute the su command
except user_1.

one more thing wanted to ask is that default redhat? (every users can execute su cmd)

thank
Amit

Timothy Miller · 08-28-2016, 04:37 PM

yes, the su command is meant to be usable by any user, since it asks for the TARGET users password, not the current users password. So it's completely useless command unless you know the password of the user you are attempting to su to. Unlike sudo, this doesn't allow users any more rights than if they have access to the system in the first place, since they have to know the password of the user they want to become in order to use it.

emiinfo · 08-28-2016, 04:52 PM

Thanks you everyone...and Timothy Miller.