limit su access to some users

2007-12-25 11:49:00

Dear sun-mgrs

Many thanks once again for many replies to my question:

=> Does anyone know if there exists on Solaris 2.4 a way to limit which users

=> can access root via 'su' ? I would like only 2-3 people to be able to use

=> 'su -' to access to root.

=>

=> On SunOS 4.1.3 there was the 'wheel' group, whose members were the only people

=> who could su to root. Anyone else who tried 'su -' received the message

=> You do not have permission to su to root

=> or suchlike.

=> However on Solaris 2.4 this mechanism doesn't seem to exist any more..

=>

Thanks to :

        sjenkins@iastate.edu

        bbyoung@amoco.com

        dave@chadwyck.co.uk

        bergman@phri.nyu.edu

        rich@loopexpert.com

        david@cs.newcastle.edu.au

        beckman@bofh.fleet.capital.ge.com

        fpardo@tisny.com

        sagray@amp.com

        joe@ns.hunter1.com

The suggestions were basically the following:

1. If your users don't use su to become other (non-root) users, then

you can:

        add the trusted users to group "wheel" in /etc/group

        chmod 4550 /bin/su /sbin/su

This has the disadvantage that normal users can't use su to become other users

than root. I would like to keep this possibility.

2. Use the sysadmin group

Unfortunately this doesn't affect su access as far as I can tell, only enables

use of admintool by non-root users.

3. Try sudo.

This is the best solution, especially using the 'ALL' keyword (with care!)

to give certain trusted users full access to root.

Many thanks

Robin

WEUSC sysadmin
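Suggestion 1 above, as an added example that is not part of the original post: a shell audit that confirms su is mode 4550 and group-owned by the trusted group, then lists who can still run it. It assumes su was also chgrp'ed to wheel, a step the post does not list (with mode 4550 it is the file's group that decides who may execute it); the user names and the demo data are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit suggestion 1.
# Assumes su was also chgrp'ed to the trusted group; file owner is not checked.

# Print "<mode string> <numeric gid>" for a file, from portable `ls -lnL`.
file_mode_gid() {
    ls -lnL "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $4 }'
}

# Print users in group $1: members listed in group file $2 plus users whose
# primary gid in passwd file $3 is that group.
group_members() {
    g_gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2")
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        [ -z "$g_gid" ] || awk -F: -v id="$g_gid" '$4 == id { print $1 }' "$3"
    } | sort -u
}

# audit_su SU_PATH GROUP GROUP_FILE PASSWD_FILE
# Returns 0 and lists who may run su when the restriction holds, else 1.
audit_su() {
    info=$(file_mode_gid "$1")
    [ -n "$info" ] || { echo "FAIL: cannot read $1"; return 1; }
    mode=${info% *} f_gid=${info#* }
    owner_group=$(awk -F: -v id="$f_gid" '$3 == id { print $1; exit }' "$3")
    if [ "$mode" != "-r-sr-x---" ]; then
        echo "FAIL: $1 mode is $mode, expected -r-sr-x--- (4550)"; return 1
    fi
    if [ "$owner_group" != "$2" ]; then
        echo "FAIL: $1 belongs to group ${owner_group:-gid $f_gid}, not $2"; return 1
    fi
    echo "OK: apart from root, only these users can run $1:"
    group_members "$2" "$3" "$4"
}

# Constructed sample data (hypothetical users) for trying the audit offline.
demo() {
    d=$(mktemp -d) && : > "$d/su" && chmod 4550 "$d/su" || return 1
    gid=$(file_mode_gid "$d/su" | cut -d' ' -f2)
    printf 'wheel::%s:alice,bob\nstaff::777777:carol\n' "$gid" > "$d/group"
    printf 'carol:x:103:777777::/:/bin/sh\ndave:x:104:%s::/:/bin/sh\n' "$gid" > "$d/passwd"
    audit_su "$d/su" wheel "$d/group" "$d/passwd"; rc=$?
    rm -rf "$d"; return $rc
}

# On a live system (paths from the post): audit_su /bin/su wheel /etc/group /etc/passwd
if [ "${1:-}" = "--demo" ]; then demo; fi
```

In the demo, dave appears in the result because his primary group is wheel even though he is not listed in the group file's member field.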
