On 4/18/06, Mike Gerdts <mgerdts at gmail.com> wrote: > On 4/18/06, Wuming Shi <wumings at gmail.com> wrote: > > hi, > > how can I disable the root from "su - <id>" to become <id>? currently > > the root can su to <id> without password, so it's not safe to this > > user. > > This is why you protect the root account. Even if a PAM module were > used to restrict this activity, it takes less than 10 lines of clear, > well-documented C code to accomplish very close to the same thing.
I'm not sure I understand your statement. you mean a PAM module can prevent root from "su - <id>"? how?
