topic Re: root access via su to be restricted in Operating System - HP-UX

root access via su to be restricted

Sanjiv Sharma_1 — Mon, 23 Apr 2007 21:20:09 GMT

Hi,

I want to allow root access via "su" to be restricted only to the members of the following two groups, say "adm" and "sap". How can I achieve this? No other users or group can su to root.

Re: root access via su to be restricted

A. Clay Stephenson — Mon, 23 Apr 2007 21:40:58 GMT

Very simple. Change the root password and only tell the members of those groups. Seriously, the fundmental problem is that far too many people know your root password.

A safer method would be to identify just those tasks that need to be run as root and create a set of very explicit sudo'ed commands.

Re: root access via su to be restricted

Patrick Wallek — Mon, 23 Apr 2007 21:41:03 GMT

Have a look at the man page for 'security'. There is functionality within the /etc/default/security file called 'su_root_group', or something very similar. This will do precisely what you require.

Re: root access via su to be restricted

Sanjiv Sharma_1 — Tue, 24 Apr 2007 09:32:03 GMT

In /etc/default/security, SU_ROOT_GROUP=adm does help. Thanks