LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-27-2005, 11:50 AM   #1
manudath
Member
 
Registered: Oct 2004
Posts: 42

Rep: Reputation: 15
prevent users from running 'su'


Hi,

I want to prevent some users from running the su command. can anyone tell me how could I do it? I am a little confused with the 'wheel' group, sudo etc., Please help me with how to go about this problem...

Thanks,
Manudath
 
Old 04-27-2005, 11:55 AM   #2
Thoreau
Senior Member
 
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

Rep: Reputation: 45
-rwsr-xr-x 1 root root 32153 2005-03-31 16:50 /bin/su

You can remove the execute permission for group and other. chmod -x su. Then nobody but root can run it. But, then you wouldn't need it except to switch to a user.
 
Old 04-27-2005, 11:56 AM   #3
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 124Reputation: 124
Generally, only users in the wheel group are permitted to 'su' to root. If you want to limit who can use su, try the following:[list=1][*]Add a group called 'suusers' or similar and add all the users you want to be able to use su to this group.[*]Set su so that it can only be executed by members of the group suusers.
Code:
# chmod 750 `which su`
# chown root:suusers `which su`
[*]Su is now only available to those users! [/list=1]
 
Old 04-27-2005, 05:00 PM   #4
manudath
Member
 
Registered: Oct 2004
Posts: 42

Original Poster
Rep: Reputation: 15
Thanks for all your replies...
 
Old 04-28-2005, 08:18 AM   #5
apsivam
Member
 
Registered: Mar 2005
Location: Chennai, India
Distribution: Ubuntu, CentOS
Posts: 72

Rep: Reputation: 15
the proper method of implementing this is

* uncomment the
Code:
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
line from /etc/pam.d/su

* add the desire users to the default group wheel

thats it you are done.
 
Old 04-28-2005, 02:03 PM   #6
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 124Reputation: 124
As I understand it, the wheel restriction is only on suing to root. I could still, say, 'su johndoe' or some such.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP users prevent browsing to other directories mephesto Linux - Software 2 05-07-2005 10:03 AM
Can I prevent users from seeing dir contents? Jukas Linux - Newbie 5 04-08-2005 07:56 PM
How to prevent users from --> Drogo Linux - Software 7 01-31-2004 11:03 PM
Prevent users from running su Itzac Linux - Security 13 03-25-2003 04:25 PM
prevent users from accessing KDE or GNOME cyberswami Linux - Security 6 01-24-2003 01:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration