Re: disable 'su' for normal users
From: Bruce A. Locke (blocke@shivan.org)
Date: 11/10/01
- Previous message: Mark Zealey: "Re: secure nfs"
- Maybe in reply to: Luciano Miguel Ferreira Rocha: "Re: disable 'su' for normal users"
- Next in thread: brad's @ Home: "How to hard wire arp tables? (Newbie)"
- Next in thread: Vincent Danen: "Re: disable 'su' for normal users"
- Reply: brad's @ Home: "How to hard wire arp tables? (Newbie)"
Subject: Re: disable 'su' for normal users
From: "Bruce A. Locke" <blocke@shivan.org>
To: focus-linux@securityfocus.com
Date: 10 Nov 2001 01:17:13 +0000
Message-Id: <1005355033.5753.2.camel@kodiak.chronospace.org>
On Fri, 2001-11-09 at 22:57, Seth Arnold wrote:
>
> I think that you can emulate this with the traditional permissions. Set
> su to root:wheel, 04550, and add users to group 'wheel' as appropriate.
>
Recent versions of su on Linux do support the wheel group concept
through pam... I've seen quite a few "minor" distributions support it
"out of the box".
Contents of /etc/pam.d/su on my system:
auth required pam_wheel.so use_uid
auth sufficient pam_rootok.so
auth required pam_pwdb.so nullok
account required pam_pwdb.so
password required pam_pwdb.so md5
session required pam_pwdb.so debug
On my system users cannot su unless they are in the wheel group. (BTW, I
am using Gentoo Linux with shadow-20001016.)
Hope this helps...
--Bruce A. Locke blocke@shivan.org
"Those that would give up a necessary freedom for temporary safety deserve neither freedom nor safety." -- Ben Franklin
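Added example, not part of the original message or of any project's code: a small checker for the two approaches discussed in this thread, the pam_wheel rule in /etc/pam.d/su and the root:wheel, 04550 permissions on su. The function names and the sample input are constructed for illustration; the sample stack is the one posted above.

```python
import re
import stat

# Constructed input: the /etc/pam.d/su stack quoted in the message above.
POSTED_STACK = """\
auth required pam_wheel.so use_uid
auth sufficient pam_rootok.so
auth required pam_pwdb.so nullok
account required pam_pwdb.so
password required pam_pwdb.so md5
session required pam_pwdb.so debug
"""

# type, control (plain word or [bracketed] form), module, then options
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def active_rules(text):
    """Yield (type, control, module, options) for each uncommented PAM rule."""
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            yield m.group(1).lstrip("-"), m.group(2), m.group(3), m.group(4).split()

def audit_su_pam(text):
    """Return findings for the pam_wheel approach; an empty list means su is gated."""
    findings = []
    wheel = [(c, o) for t, c, mod, o in active_rules(text)
             if t == "auth" and mod.endswith("pam_wheel.so")]
    if not wheel:
        findings.append("no active pam_wheel.so auth rule: su is open to every user")
    for control, opts in wheel:
        if control not in ("required", "requisite"):
            findings.append(f"pam_wheel.so is '{control}': its failure denies nobody")
        if "trust" in opts:
            findings.append("trust: success for wheel members can skip the password")
        if "deny" in opts:
            findings.append("deny: sense is inverted, wheel members are refused")
    return findings

def audit_su_mode(mode, group):
    """Return findings for the permissions approach (root:wheel, mode 04550)."""
    findings = []
    if not mode & stat.S_ISUID:
        findings.append("setuid bit missing: su cannot change identity")
    if mode & stat.S_IXOTH:
        findings.append("world-executable: users outside the group can run su")
    if group != "wheel":
        findings.append(f"group is '{group}', not 'wheel'")
    return findings
```

On a live system, pass the contents of /etc/pam.d/su to audit_su_pam and the permission bits and group name of the su binary to audit_su_mode.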