Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
04-26-2006, 09:14 AM
|
#1
|
|
Member
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295
Rep: 
|
Only specific users allowd to SU?
Hi! is there any way I can limit SU to a single particular user that I would like to have super user access and deny everyone else the ability to use the command?
Thanks.
|
|
|
|
|
04-26-2006, 09:24 AM
|
#2
|
|
Senior Member
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790
Rep:
|
First 'su' is short for (roughly) switchuser not supersuser.....
And yes it is (already)limited to those that know the correct password(s). Keeping a hard to guess memorized root password works wonders.
When using 'su' or 'su -' without supplying a username root is used as the default user to switch to.
|
|
|
|
|
04-26-2006, 09:38 AM
|
#3
|
|
Member
Registered: Jun 2001
Location: Up in the clouds
Distribution: Fedora et al.
Posts: 353
Rep:
|
edit /etc/pam.d/su and do the following:
Code:
# Uncomment the following line to require a user to be in the "wheel" group.
auth required /lib/security/$ISA/pam_wheel.so use_uid
Then add the user you want to be the only one to access su to the wheel group:
Code:
$ gpasswd -a [user] wheel
HTH,
Mike.
Last edited by mikeyt_333; 04-26-2006 at 09:41 AM.
|
|
|
|
|
04-26-2006, 11:04 AM
|
#4
|
|
Member
Registered: Mar 2004
Location: Toronto, Ontario
Distribution: Debian
Posts: 36
Rep:
|
You can also use the sudo package for this.
With sudo you can specify the users or groups which have access to specific commands.
For example your /etc/sudoers might look something like this:
Cmnd_Alias SU_ACCESS = /bin/su -
User_Alias SU_USERS = bob, john, sam, fred
SU_USERS ALL = (ALL) SU_ACCESS
In this case the user(s) would have to run the following to su to the root user:
sudo /bin/su -
|
|
|
|
|
04-26-2006, 12:10 PM
|
#5
|
|
Member
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295
Original Poster
Rep:
|
Thanks the PAM solution looks like its the best solution for my scenario. Thanks
|
|
|
|
All times are GMT -5. The time now is 12:54 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
