[Freeipa-users] local root can su to any IPA user
Jakub Hrozek
jhrozek at redhat.com
Fri Nov 29 14:17:11 UTC 2013
On Fri, Nov 29, 2013 at 03:08:44PM +0100, Fred van Zwieten wrote:
> Jakub,
>
> Yes, I could do this. But then the local root account cannot su to local
> users (without password). But that is actually a normal use-case. I just
> think local root should not be allowed to transition to a domain user, by
> default.
>
> Fred
Ah, in that case I'm not sure if there's an easy solution, at least I
don't know any off hand. I think Alexander is right that SELinux would
be a good choice.
More information about the Freeipa-users
mailing list