Robert Haehnel <[EMAIL PROTECTED]> writes:
> I'm not sure you want to limit use of su. A mere user can use it to switch
> to other user accts if it is warrented. It is too handy a tool to limit use
> of it, what you might want to do it work up a script to log who is using it
> and what accts they are switching to.
>
> The best protection against abuse of su is good password administration
> (especially root passwords).
Yes, but limiting su on heavily trafficed systems is still a good
thing as it slows an intruders ability to exploit the knowledge they
have.
Why not just change the permissions on su (or your su wrapper that is
tracking usage) and make the users you want to allow members of a
group (e.g. admin, powerusers).
rw2
--
Logically, life must be possible in the Universe.
Else you would not be here.
Assuming you are.
