Dear Dhiran,
First of all, I would like to thank you a lot for
sharing knowledge with us.
I've followed your procedure to edit or modify
/etc/pam.d/su. I even added my normal user account
to the wheel group and used vipw to put my userid in group 10.
When I typed su, the system prompted me for a
password. I input the root account's password for su,
and the system told me "incorrect me". Why? Please
advise.
--- Dhiran Rajbhandari <[EMAIL PROTECTED]> wrote:
> Hi Friends,
> Most of you may know how to restrict users
> from doing su, which
> can be a bigger security risk when someone is telnetting
> into your system and using su
> to gain root privilege. Anyway, I am going to write here
> the way to restrict
> users from doing su, for those who may not know.
>
> First of all, I would like to say that any access
> like halt, shutdown etc.
> for general users can be controlled through /etc/pam.d.
> Here is how to
> restrict su:
>
> 1. vi /etc/pam.d/su (or your favorite editor)
> 2. Add the following lines to the su file:
> auth sufficient /lib/security/pam_rootok.so debug
> auth required /lib/security/pam_wheel.so group=wheel
> 3. Save and exit.
>
> 4. Now no one can gain su access except root or
> users from the wheel group.
>
> Note: You can't simply assign any group for this
> feature. Only wheel
> will work here, as this is the special account on
> your purposed which is
> used for this purpose.
>
> If you wish to give su access to any particular user,
> then make that user
> a member of the wheel group. To do this you can add
> the username at the end of
> the wheel group's line, or use usermod -G 10
> userid.
>
>
> Cheers!
> Dhiren
>
>
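An added example, not part of either message above: a small offline check of the setup this thread discusses, reading a PAM `su` stack and the group and passwd data to report which accounts the `pam_wheel.so` rule lets through to the password prompt. The sample file contents, the user names and all function names are constructed for illustration, and the sketch assumes that a user's primary gid counts as group membership.

```python
# Constructed sample files; the real ones are /etc/pam.d/su, /etc/group, /etc/passwd.
PAM_SU = """\
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
auth required /lib/security/pam_unix.so
"""
GROUP = "root:x:0:root\nwheel:x:10:root,alice\nusers:x:100:\n"
PASSWD = ("root:x:0:0::/root:/bin/sh\nalice:x:500:100::/home/alice:/bin/sh\n"
          "bob:x:501:100::/home/bob:/bin/sh\ncarol:x:502:10::/home/carol:/bin/sh\n")


def auth_stack(pam_text):
    """Return the auth lines in order as (control, module file name, args)."""
    stack = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return stack


def enforced_group(stack):
    """Group a required/requisite pam_wheel.so demands, or None if none does."""
    for control, module, args in stack:
        if module == "pam_wheel.so" and control in ("required", "requisite"):
            named = [a.split("=", 1)[1] for a in args if a.startswith("group=")]
            return named[0] if named else "wheel"  # gid 0 fallback not modelled
    return None


def group_members(group_text, passwd_text, name):
    """Users listed on the group's line plus users whose primary gid is that group."""
    rows = [l.split(":") for l in group_text.splitlines() if l.count(":") == 3]
    match = [r for r in rows if r[0] == name]
    if not match:
        return set()
    gid, listed = match[0][2], {u for u in match[0][3].split(",") if u}
    accounts = [l.split(":") for l in passwd_text.splitlines() if l.count(":") >= 6]
    return listed | {a[0] for a in accounts if a[3] == gid}


def may_attempt_su(user, pam_text, group_text, passwd_text):
    """True if the wheel rule lets this non-root caller reach the password check."""
    group = enforced_group(auth_stack(pam_text))
    return group is None or user in group_members(group_text, passwd_text, group)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, may_attempt_su(user, PAM_SU, GROUP, PASSWD))
```

Passing the wheel check only gets the caller as far as the remaining `auth` lines; the target account's password is still verified by whatever module follows in the stack.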