Dear Kelvin Ng,
If you have configured everything properly as I wrote in
my previous mail and also added the userid in wheel group than obviously it
has to work. One thing you have to note that you have to logout and relogin
with that userid again to take effect of the group ID. Please check the
configuration as follow once again:
1. vi /etc/pam.d/su
2. Add: (each one per line)
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
3. Make sure that the files above mentioned are in /lib/security.
4. use chmod -G 10 userid. (10 is a group ID of wheel account).
5. Also check the group file whether your userid has been is added at last
of wheel group or not.
6. log off from all terminal and again relogin with your userid and try su.
If that doesn't work than you may be missing some parameters or misspelled
somewhere in above configuration.
Rgds,
Dhiren
At 06:53 PM 9/20/00 -0700, you wrote:
>Dear Dhiran,
> First of all, I would like thanks a lot to you for
>sharing knowledge with us.
> I've follow your procecudure to editing or modify
>/etc/pam.d/su . I even added on my normal user account
>in wheel group and vipw my userid to group 10.
> When I typed su , the system prompt me for
>password. I input the root's account password for su,
>the system prompt me "incorrect me" . Why ? Please
>advise .
>
>--- Dhiran Rajbhandari <[EMAIL PROTECTED]> wrote:
> > Hi Friends,
> > Most of you people may know to restrict users
> > from doing su which
> > can be more security risk when one is telnetting
> > your system and using su
> > to gain root privilege. Anyway I am gonna write here
> > the way to restrict
> > the users from doing su for those who may not know.
> >
> > First of all I would like to say that any access
> > like halt, shutdown etc
> > for general user can be controled through /etc/pam.d
> > . Here is how to
> > restrict su:
> >
> > 1. vi /etc/pam.d/su (or your favorite editor)
> > 2. add the following line in su file.
> > auth sufficient
> > /lib/security/pam_rootok.so debug
> > auth required
> > /lib/security/pam_wheel.so group=wheel
> > 3. Save and exit.
> >
> > 4. Now no one can gain the su access except root or
> > the user from wheel group.
> >
> > Note:You can't simply assign any group for this
> > feature. The wheel only
> > will work here, as this is the special account on
> > your purposed which is
> > used for this purpose.
> >
> > If you wish to give su access to any particular user
> > than make that user
> > the member of wheel group. To do this you can add
> > the username at last in
> > the line of wheel group name or use usermod -G 10
> > userid.
> >
> >
> > Cheers!
> > Dhiren
> >
> >
> > ----------------------------------------------
> > An alpha version of a web based tool to manage
> > your subscription with this mailing list is at
> > http://lists.linux-india.org/cgi-bin/mj_wwwusr
>
>
>__________________________________________________
>Do You Yahoo!?
>Send instant messages & get email alerts with Yahoo! Messenger.
>http://im.yahoo.com/
>
>----------------------------------------------
>LIH is all for free speech. But it was created
>for a purpose. Violations of the rules of
>this list will result in stern action.
----------------------------------------------
LIH is all for free speech. But it was created
for a purpose. Violations of the rules of
this list will result in stern action.
