Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I google it and see someone suggest to add a group,says admin, and add the specific user who can su root to that group, change the owner of /bin/su to that group and chmod o-rwx /bin/su
I try that, and yes, only the user I specify can su root, but even I input the password correcly, it can no more change to root. What's up? And what's the right way to do that?
You really don't want to have multiple root users.
Instead, have a look at the sudo command. It provides access for certain users to perform specific commands as the superuser.
man sudo and google will help you get it configured.
You really don't want to have multiple root users.
Instead, have a look at the sudo command. It provides access for certain users to perform specific commands as the superuser.
man sudo and google will help you get it configured.
Thanks for reply. But I wonder if su and sudo the same thing?
su root allows a user to become the superuser.
sudo allows others to run specific commands as the superuser.
Allowing multiple users to su root means these users will know the root pwd, which can create a lot of issues.
sudo, on the other hand, is highly configurable and will allow multiple users to run commands that require root priviledges. But you retain the root user security and would be the only one that can configure these privileges. This is a much better option.
Of course, you could defeat this safeguard by configuring a user like this:
Code:
joeuser ALL=(ALL) ALL
But, no ordinary user needs root access to all cmds. Not sure why you would want that.
Distribution: Fedora 22, Debian 8, Centos 6/7 for servers
Posts: 101
Rep:
Depending on your distro you should have a pam module called wheel. Check for /lib64/security/pam_wheel.so or /lib/security/pam_wheel.so from there only users in the WHEEL group (by default) are allowed to su to root.
More information is in the man pages: man pam_wheel
We can probably help you configure it if you want..........
True, but Ubuntu only gives global sudo permissions to the first user (the one created at install) thererfore it is reasonable to assume that this would have been the person to create the root account anyway.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.