Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-27-2005, 11:50 AM   #1
Registered: Oct 2004
Posts: 42

Rep: Reputation: 15
prevent users from running 'su'


I want to prevent some users from running the su command. can anyone tell me how could I do it? I am a little confused with the 'wheel' group, sudo etc., Please help me with how to go about this problem...

Old 04-27-2005, 11:55 AM   #2
Senior Member
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

Rep: Reputation: 45
-rwsr-xr-x 1 root root 32153 2005-03-31 16:50 /bin/su

You can remove the execute permission for group and other. chmod -x su. Then nobody but root can run it. But, then you wouldn't need it except to switch to a user.
Old 04-27-2005, 11:56 AM   #3
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 125Reputation: 125
Generally, only users in the wheel group are permitted to 'su' to root. If you want to limit who can use su, try the following:[list=1][*]Add a group called 'suusers' or similar and add all the users you want to be able to use su to this group.[*]Set su so that it can only be executed by members of the group suusers.
# chmod 750 `which su`
# chown root:suusers `which su`
[*]Su is now only available to those users! [/list=1]
Old 04-27-2005, 05:00 PM   #4
Registered: Oct 2004
Posts: 42

Original Poster
Rep: Reputation: 15
Thanks for all your replies...
Old 04-28-2005, 08:18 AM   #5
Registered: Mar 2005
Location: Chennai, India
Distribution: Ubuntu, CentOS
Posts: 72

Rep: Reputation: 15
the proper method of implementing this is

* uncomment the
#auth       required     /lib/security/$ISA/ use_uid
line from /etc/pam.d/su

* add the desire users to the default group wheel

thats it you are done.
Old 04-28-2005, 02:03 PM   #6
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 125Reputation: 125
As I understand it, the wheel restriction is only on suing to root. I could still, say, 'su johndoe' or some such.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP users prevent browsing to other directories mephesto Linux - Software 2 05-07-2005 10:03 AM
Can I prevent users from seeing dir contents? Jukas Linux - Newbie 5 04-08-2005 07:56 PM
How to prevent users from --> Drogo Linux - Software 7 01-31-2004 11:03 PM
Prevent users from running su Itzac Linux - Security 13 03-25-2003 04:25 PM
prevent users from accessing KDE or GNOME cyberswami Linux - Security 6 01-24-2003 01:46 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:18 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration