Hi Friends,
Most of you may know how to restrict users from doing su, which
can be a bigger security risk when someone is telnetting into your system
and using su to gain root privilege. Anyway, I am going to write here the
way to restrict users from doing su for those who may not know.
First of all, I would like to say that any access like halt, shutdown etc.
for a general user can be controlled through /etc/pam.d. Here is how to
restrict su:
1. vi /etc/pam.d/su (or your favorite editor)
2. Add the following lines to the su file:
    auth sufficient /lib/security/pam_rootok.so debug
    auth required /lib/security/pam_wheel.so group=wheel
3. Save and exit.
4. Now no one can gain su access except root or a user from the wheel group.
Note: You can't simply assign any group for this feature. Only the wheel
will work here, as this is the special account on your purposed which is
used for this purpose.
If you wish to give su access to any particular user, then make that user
a member of the wheel group. To do this you can add the username at the end
of the wheel group's line, or use usermod -G 10 userid.
Cheers!
Dhiren
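
Added example (not part of the original post): a small audit that checks whether a PAM su file carries the two lines from step 2, in that order, and lists who is in the wheel group. The function names, status strings and the sample files (including the user alice) are constructed for illustration.

```shell
#!/bin/sh
# Audit the su restriction described above. File paths are arguments so the
# check can run against copies; with no argument the live PAM file is read.

# Prints one of:
#   open                         no active "auth required ...pam_wheel.so" line
#   restricted                   pam_rootok (sufficient) precedes pam_wheel (required)
#   restricted-rootok-not-first  pam_wheel is active but pam_rootok is missing or later
su_wheel_status() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines do not count
        $1 == "auth" && $2 == "sufficient" && $3 ~ /pam_rootok\.so$/ { if (!rootok) rootok = NR }
        $1 == "auth" && $2 == "required"   && $3 ~ /pam_wheel\.so$/  { if (!wheel)  wheel  = NR }
        END {
            if (!wheel)                         print "open"
            else if (!rootok || rootok > wheel) print "restricted-rootok-not-first"
            else                                print "restricted"
        }' "${1:-/etc/pam.d/su}"
}

# Prints the members listed in the 4th field of GROUP in a group(5)-format file,
# one per line. Users who have GROUP only as their primary gid are not listed there.
group_members() {
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$1"
}

# Constructed sample files so the demo runs without touching the real system.
demo=$(mktemp -d)
printf '%s\n' \
    '#%PAM-1.0' \
    'auth sufficient /lib/security/pam_rootok.so debug' \
    'auth required /lib/security/pam_wheel.so group=wheel' > "$demo/su"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,alice' 'users:x:100:' > "$demo/group"

echo "su policy:     $(su_wheel_status "$demo/su")"
echo "wheel members: $(group_members "$demo/group" wheel | tr '\n' ' ')"
rm -rf "$demo"
```

When adding a user with usermod, note that -G on its own replaces the user's whole supplementary group list; usermod -a -G wheel userid appends instead.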