On 4/18/06, Wuming Shi <wumings at gmail.com> wrote:
> hi,
> how can I disable the root from "su - <id>" to become <id>? currently
> the root can su to <id> without password, so it's not safe to this
> user.

This is why you protect the root account.  Even if a PAM module were
used to restrict this activity, it takes less than 10 lines of clear,
well-documented C code to accomplish very close to the same thing.

You could alter root's privileges so that root is no more powerful (or
less powerful) than any other user.  However, you should not expect
Solaris to perform as documented in any Sun documentation if you do
that.

--
Mike Gerdts
http://mgerdts.blogspot.com/
