Michael Viron wrote: > Change the group ownership on su to root:wheel . > Next, remove execute permission from "other" on su.
I have to say I find this option kind of puzzling. What's the rationale exactly? Why couldn't an opponent who knew the root pword just execute his *own* copy of su? It seems it would have nuisance value at best. Not that nuisance value couldn't be of some practical use, provided the security admin doesn't think it's a substitute for safeguarding passwords. Or maybe it's to prevent *inadvertant* rather than malicious damage? Something like: People in our group might find out the root pword and be tempted to su to quick-fix some difficulty they're having, then they might break something and we wouldn't know who was responsible, so we'll just remove the temptation? I guess that makes a certain amount of sense, but it's not terribly flattering to your coworkers.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
