Limiting SU
Is there a way of limiting who and SU to root? TIA Andrew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
* Andrew Pritchard ([EMAIL PROTECTED]) wrote: Is there a way of limiting who and SU to root? don't tell them the root password? iain -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
Is there a way of limiting who and SU to root? don't tell them the root password? iain I can just see some jokers trying to guess the root password. I realise this will come out in the logs, but I don't want them even able to try. Andrew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
* Andrew Pritchard ([EMAIL PROTECTED]) wrote: Is there a way of limiting who and SU to root? don't tell them the root password? iain I can just see some jokers trying to guess the root password. I realise this will come out in the logs, but I don't want them even able to try. why not? there's always a way to login as root, whether by ssh'ing or just trying at the login prompt - su is just a convenience. iain -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
* iain d broadfoot [EMAIL PROTECTED] [2002-12-31 12:28]: * Andrew Pritchard ([EMAIL PROTECTED]) wrote: I can just see some jokers trying to guess the root password. I realise this will come out in the logs, but I don't want them even able to try. why not? there's always a way to login as root, whether by ssh'ing or just trying at the login prompt - su is just a convenience. well, I assume you disallowed the ssh-login for root? wbr, Lukas -- Lukas Ruf http://www.lpr.ch Wanna know anything about raw ip? Join [EMAIL PROTECTED] on http://www.rawip.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
* Andrew Pritchard [EMAIL PROTECTED]: Is there a way of limiting who man chmod and SU to root? man chmod or SU_WHEEL_ONLY in /etc/login.defs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
Andrew == Andrew Pritchard [EMAIL PROTECTED] writes: Is there a way of limiting who and SU to root? don't tell them the root password? iain Andrew I can just see some jokers trying to guess the root Andrew password. I realise this will come out in the logs, but I Andrew don't want them even able to try. Well, how about you create a group and change the group owner and execute permissions on /bin/su so only people in the group can run it? What you are really asking for is sudo though. Cheers! Shyamal -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
Shyamal == Shyamal Prasad [EMAIL PROTECTED] writes: Andrew == Andrew Pritchard [EMAIL PROTECTED] writes: Is there a way of limiting who and SU to root? Shyamal Well, how about you create a group and change the group Shyamal owner and execute permissions on /bin/su so only people Shyamal in the group can run it? What you are really asking for Shyamal is sudo though. Hmmm...right after I thought of sudo I looked and found vi /etc/pam.d/su Never used it, but it looks like this might be a good start for you. Cheers! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Limiting SU
On Tue, Dec 31, 2002 at 05:49:08AM -0500, Ludwig wrote: On Tue, 2002-12-31 at 05:34, Andrew Pritchard wrote: Is there a way of limiting who and SU to root? As root, chmod go-x /usr/bin/who This won't do anything. $ last -f /var/run/utmp will do the same thing as who What you need to do is chmod 600 /var/run/utmp -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]