deny su - root

hike mh1272 at gmail.com
Sat Jun 6 00:43:48 UTC 2009


"Your manager should have it, but NO ONE ELSE, EVER."

Are you a frakking idiot?

Managers should never have the root password.
Have you ever seen what managers DO for a living?



On Fri, Jun 5, 2009 at 5:19 PM, mark <m.roth2006 at rcn.com> wrote:

> Ezra Taylor wrote:
> > You can also make sure that you are the only one that knows the password.
> > Doing a su - root requires a password.  If your users don't know the root
> > password, they will not be able to access the root account.  Also, as
> > another of our list members stated, put only users you want to have sudo
> > access in a group (i.e. wheel) in your sudoers file.
>
> No. Users. Should. Have. Root. Password. Engrave that in stone in your
> brain.
>
> Your manager should have it, but NO ONE ELSE, EVER.
>
> This is not a Windows box. They can do what they need to without it. If and
> *only* if they have a special reason, *and* your manager agrees, give them
> sudo, and limit that.
>
>        mark
> >
> > On Thu, Jun 4, 2009 at 7:00 AM, Daniel Carrillo
> > <daniel.carrillo at gmail.com> wrote:
> >
> >> 2009/6/4 Matias Nicolas <matiasnicolas at live.co.uk>:
> >>> Hello everybody. I wanna know something... I want to deny the su - root
> >>> to the users in the system. I don't know how to do that... does somebody
> >>> know how to do that??
> >>>
> >>>
> >>> Ex: I got 5 users (user1 user2 user3 user4 mine) I don't want them to do
> >>> su - root. Let's let user2 do su - root And I (the administrator) want to
> >>> login as root when I get the "login as:" prompt. Is there any possibility
> >>> to do that??
> >>
> >> You can edit /etc/pam.d/su and follow the instructions from commented
> >> lines.
> >>
> >> Basically, you can restrict use of su, to the users in group wheel.
> >>
> >> BR.
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >
> >
> >
>
>
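
The `/etc/pam.d/su` restriction to group wheel mentioned in the quoted thread, as an added example that is not part of any poster's message: a check that reports whether a PAM `su` file actually enforces `pam_wheel`. The function names are hypothetical, the sample file is constructed (modelled on the commented lines in a Red Hat `/etc/pam.d/su`), and the default group `wheel` is assumed (no `group=` option).

```shell
#!/bin/sh
# Added example (not from the thread): report how a PAM "su" service file
# uses pam_wheel. Handles simple control keywords only, not [value=action].

su_wheel_policy() {
    pam_file="${1:-/etc/pam.d/su}"
    [ -r "$pam_file" ] || { echo "unreadable"; return 2; }
    awk '
        /^[[:space:]]*#/ { next }                 # commented-out rules are inactive
        $1 == "auth" && $3 ~ /(^|\/)pam_wheel\.so$/ {
            trust = 0; deny = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "trust") trust = 1
                if ($i == "deny")  deny = 1
            }
            if (deny) next                        # deny inverts the check; not a wheel-only rule
            if ($2 == "required" || $2 == "requisite") restricted = 1
            if ($2 == "sufficient" && trust) passwordless = 1
        }
        END { printf "%s%s\n", (restricted ? "restricted" : "open"),
                               (passwordless ? "+trust" : "") }
    ' "$pam_file"
}

# Constructed sample: the "required" line is uncommented, the "trust" line is not.
write_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth        sufficient  pam_rootok.so
#auth       sufficient  pam_wheel.so trust use_uid
auth        required    pam_wheel.so use_uid
auth        include     system-auth
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    write_sample "$tmp"
    echo "sample file: $(su_wheel_policy "$tmp")"
    rm -f "$tmp"
}
demo
```

`restricted` means only wheel members get as far as the password prompt; a `+trust` suffix means wheel members can become root through `su` without the root password, which makes wheel membership equivalent to root.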
