deny su - root
Matias Nicolas
matiasnicolas at live.co.uk
Thu Jun 4 11:10:58 UTC 2009
Thanks for the answer, but... I found a bit difficult to understand the file... could u give me some hints on how to configure it??
I leave the output:
[root at vmrhel4 ~]# cat /etc/pam.d/su
#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_stack.so service=system-auth
account sufficient /lib/security/$ISA/pam_succeed_if.so uid = 0 use_uid quiet
account required /lib/security/$ISA/pam_stack.so service=system-auth
password required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session required /lib/security/$ISA/pam_selinux.so close
session required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session required /lib/security/$ISA/pam_selinux.so open
session optional /lib/security/$ISA/pam_xauth.so
> From: daniel.carrillo at gmail.com
> Date: Thu, 4 Jun 2009 13:00:03 +0200
> To: redhat-list at redhat.com
> Subject: Re: deny su - root
>
> 2009/6/4 Matias Nicolas <matiasnicolas at live.co.uk>:
> >
> > hello everybody. I wannna know something... I want to deny the su - root to the users in the system. i don't know how to do that... does somebody know how to do that??
> >
> >
> >
> > Ex: I got 5 users (user1 user2 user3 user4 mine) I dont want them to do su - root. Let's let user2 do su - root And I (the administrator) want to login as root when i get the "login as:" prompt. Is there any possibility to do that??
>
> You can edit /etc/pam.d/su and follow the instructions from commented lines.
>
> Basically, you can restrict use of su, to the users in group wheel.
>
> BR.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
_________________________________________________________________
Show them the way! Add maps and directions to your party invites.
http://www.microsoft.com/windows/windowslive/products/events.aspx
More information about the redhat-list
mailing list