[Freeipa-users] stopping su -
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Mon Jul 16 21:38:25 UTC 2012
On 07/16/2012 01:32 PM, Steven Jones wrote:
> I have craeted a sshd rule only for the HBAC, but I find a std user can
> su - to root, is this correect behavior?
>
> How do I? or can I? stop this unless explicitly allowed?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
You need to control this via PAM. So for me I restrict su to only be
allowed for members of the wheel group, from /etc/pam.d/su:
auth required pam_wheel.so use_uid
There are comments in the file that will get you where you want to go.
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120716/7f8b5e00/attachment.sig>
More information about the Freeipa-users
mailing list