On 07/16/2012 01:32 PM, Steven Jones wrote:
> I have craeted a sshd rule only for the HBAC, but I find a std user can
> su - to root, is this correect behavior? 
> 
> How do I? or can I?  stop this unless explicitly allowed?
> 
> regards
> 
> Steven Jones
> 
> Technical Specialist - Linux RHCE
> 
> Victoria University, Wellington, NZ
> 
> 0064 4 463 6272
> 
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 


You need to control this via PAM. So for me I restrict su to only be
allowed for members of the wheel group, from /etc/pam.d/su:

auth    required        pam_wheel.so    use_uid

There are comments in the file that will get you where you want to go.

-Erinn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to