deny su - root

Matias Nicolas matiasnicolas at live.co.uk
Thu Jun 4 11:10:58 UTC 2009 

Thanks for the answer, but... I found a bit difficult to understand the file... could u give me some hints on how to configure it??

 

I leave the output:

 

[root at vmrhel4 ~]# cat /etc/pam.d/su
#%PAM-1.0
auth       sufficient   /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
account    sufficient   /lib/security/$ISA/pam_succeed_if.so uid = 0 use_uid quiet
account    required     /lib/security/$ISA/pam_stack.so service=system-auth
password   required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session    required     /lib/security/$ISA/pam_selinux.so close
session    required     /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session    required     /lib/security/$ISA/pam_selinux.so open
session    optional     /lib/security/$ISA/pam_xauth.so


 

 


 
> From: daniel.carrillo at gmail.com
> Date: Thu, 4 Jun 2009 13:00:03 +0200
> To: redhat-list at redhat.com
> Subject: Re: deny su - root
> 
> 2009/6/4 Matias Nicolas <matiasnicolas at live.co.uk>:
> >
> > hello everybody. I wannna know something... I want to deny the su - root to the users in the system. i don't know how to do that... does somebody know how to do that??
> >
> >
> >
> > Ex: I got 5 users (user1 user2 user3 user4 mine) I dont want them to do su - root. Let's let user2 do su - root And I (the administrator) want to login as root  when i get the "login as:" prompt. Is there any possibility to do that??
> 
> You can edit /etc/pam.d/su and follow the instructions from commented lines.
> 
> Basically, you can restrict use of su, to the users in group wheel.
> 
> BR.
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

_________________________________________________________________
Show them the way! Add maps and directions to your party invites. 
http://www.microsoft.com/windows/windowslive/products/events.aspx

More information about the redhat-list mailing list