Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
01-23-2005, 01:46 AM
|
#1
|
|
Member
Registered: Dec 2001
Location: NoVA
Distribution: Ubuntu, Solaris, OpenBSD
Posts: 492
Rep: 
|
lost ability to su
In my attempts to harden a Redhat ES 3 box I ran the following commands from a Linux security book.
/bin/chgrp wheel /bin/su
/bin/chmod 4750 /bin/su
This was after I added one username to the wheel group under /etc/group Now no one can su. I'm doing all of my work at work instead of remotely trying to fix this problem. I get a "incorrect password" error for any username trying to su either to root or another user. I know the passwords are correct, I even changed one to be sure.
I changed the ownership of su back to the root group and ran chmod 0755 on the file itself. What am I missing here? ANY help/advice is appreciated.
|
|
|
|
|
01-23-2005, 02:03 AM
|
#2
|
|
Member
Registered: Dec 2001
Location: NoVA
Distribution: Ubuntu, Solaris, OpenBSD
Posts: 492
Original Poster
Rep:
|
chmod 04755 fixed it. Now how can finish what I was attempting? Added the username right behind root in the wheel entry in /etc/group I was certain I'd done things right.
|
|
|
|
|
01-23-2005, 12:21 PM
|
#3
|
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
Did you logout and re-login the user after you had added him to the wheel group? Group membership is set at login time, so changing /etc/group while a user is logged in will have no effect on their group membership. If you don't want to logout and re-login, you can also use newgrp to become a member of a group that you've been added to.
|
|
|
|
|
01-29-2005, 03:32 AM
|
#4
|
|
Member
Registered: May 2004
Distribution: redhat, trustix, debian
Posts: 103
Rep:
|
you want only members of group wheel to be able to su to root?
i've done this with pam once but i don't remember exactly how 
you have to put something like this in /etc/pam.d/su: Auth required /lib/security/pam_wheel.so group=wheel
do a search in google for examples |
|
|
|
All times are GMT -5. The time now is 11:34 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
