LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-06-2007, 10:13 AM   #1
beammeup
LQ Newbie
 
Registered: Mar 2005
Location: Worcester, MA
Distribution: RHEL 3, 4, 5, CentOS 5.x
Posts: 15

Rep: Reputation: 0
Restrict su to certian users in RHEL 2.1, 3, 4


Hi,

I have a product called Bindview (anyone familiar with it) that in its latest version 8.02 has the ability to run in an agentless mode. Basically this is a reporting tool for Linux and other os's.

What it needs to do though as near as I and my Bindview Administrator can figure out is to SSH into a server (I created the id bvagentless) and then su - to a root equivalent (for obvious reasons I'm not giving out the root password) in order to successfully run the reports. What I'm not sure how to do is to restrict the ability to su to that user only to the user account bvagentless. I will be restricting that root equivalent so it can only be used via su -.

I believe that I can use pam to do this but have confused myself trying to figure it out. I would need to be able to configure this on RHEL 2.1, 3 and 4.

Any help is much appreciated.
 
Old 03-06-2007, 12:13 PM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
If you're sure that you will not be needing su for anyone else you could switch su's permissions to 755 by removing the sticky bit which is there initially.

Once this is done you could change ownership of su by allowing it to be owned by this user who will be su'ing to root. That way no-one else would be able to use this command.

This though is a dirty way of doing it and might break something else sometime in the future. So you might want to look at sudo... man sudo for information and allow the su command to be run only by this specific user.

If there's a better way of doing this I'd love to hear it.

Cheers
Arvind
 
Old 03-06-2007, 12:53 PM   #3
iamnothere
Member
 
Registered: Feb 2007
Location: UK
Distribution: Slamd 64, Slackware
Posts: 46

Rep: Reputation: 16
man suauth
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict what commands users can use? jasone *BSD 1 11-30-2006 06:50 AM
ProFTPd restrict all users to /fs ? dbc001 Slackware 12 07-28-2006 04:49 PM
restrict/allow ssh users mike30188 Linux - Security 2 06-20-2005 08:37 PM
restrict unix users to ~ novaprime Linux - Software 20 01-25-2005 11:41 PM
How to restrict email from users... Supp0rtLinux Linux - Software 1 01-08-2003 03:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration