Prevent log in as root
Joe(theWordy)Philbrook
jtwdyp at ttlc.net
Sun Apr 25 06:18:00 UTC 2004
It would appear that on Apr 24, Richard Kurth did say:
> Is there a way to Prevent anyone from logging in as root. I what them
> to only log in as admin and su to root. What would I change to make
> this work?
I don't believe you can limit what (any user who can provide su with the
root password) can do...
I'm not an expert on sudo, but I think it may be more suitable for what
you want to do than su... (I'm sure someone here would help you
understand how to selectively limit the sudo permissions for "admin" to
the tasks you actually need them to do.) But do give man sudo a look see.
I've never needed sudo because my linux box is really a single user
machine where I do all my own admin tasks, so for me su works. But I
would NOT even think of letting anyone else have the root password.
If you can actually "trust" them with such nuclear access as the root
password, then I'd suggest "asking" them to comply with the admin su to
root policy. If they can't be "trusted" that far, then you *really* don't
want to trust them with the root password et all.
Remember to any unix: root="can_do_anything!"
--
| --- ---
| Joe (theWordy) Philbrook <o> <o>
| J(tWdy)P ^
| <<jtwdyp at ttlc.net>> /---\ "bla bla bla..."
| \___/ "...and bla..."
At least I know my mouth is running, I just can't find the off button!
More information about the redhat-list
mailing list