deny su - root
mark
m.roth2006 at rcn.com
Fri Jun 5 21:19:58 UTC 2009
Ezra Taylor wrote:
> You can also make sure that you are the only one that knows the password.
> Doing a su - root requires a password. If your users don't know the root
> password, they will not be able to access the root account. Also, as
> another of our list members stated, put only users you what to have sudo
> access in a group(ie wheel) in your sudoers file.
No. Users. Should. Have. Root. Password. Engrave that in stone in your brain.
Your manager should have it, but NO ONE ELSE, EVER.
This is not a Windows box. They can do what they need to without it. If and
*only* if they have a special reason, *and* your manager agrees, give them
sudo, and limit that.
mark
>
> On Thu, Jun 4, 2009 at 7:00 AM, Daniel Carrillo
> <daniel.carrillo at gmail.com>wrote:
>
>> 2009/6/4 Matias Nicolas <matiasnicolas at live.co.uk>:
>>> hello everybody. I wannna know something... I want to deny the su - root
>> to the users in the system. i don't know how to do that... does somebody
>> know how to do that??
>>>
>>>
>>> Ex: I got 5 users (user1 user2 user3 user4 mine) I dont want them to do
>> su - root. Let's let user2 do su - root And I (the administrator) want to
>> login as root when i get the "login as:" prompt. Is there any possibility
>> to do that??
>>
>> You can edit /etc/pam.d/su and follow the instructions from commented
>> lines.
>>
>> Basically, you can restrict use of su, to the users in group wheel.
>>
>> BR.
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
>
>
More information about the redhat-list
mailing list