topic Re: How to prevent su to root? in Operating System - Linux

How to prevent su to root?

joseph wholey — Tue, 21 Mar 2006 13:06:43 GMT

I've installed sudo and sudoscripting on my RHEL AS3 implementation. I would now like to prevent everyone from su"ing" to the root user. I'd prefer that all use the "ss -u root" command as it will provide a much better audit trail. Can anyone point me in the direction of how I can prevent su to root. Thanks

Re: How to prevent su to root?

Sergejs Svitnevs — Tue, 21 Mar 2006 14:03:15 GMT

Edit the su file (vi /etc/pam.d/su) and add the following line to the top of the file:
auth required /lib/security/Pam_wheel.so group=wheel

Which means only members of the "wheel" group can su to root. You can add the users to the group wheel so that only those users will be allowed to su as root.

Regards

Re: How to prevent su to root?

Ivan Ferreira — Tue, 21 Mar 2006 14:04:14 GMT

Nobody that does not know the root password wont be able to su to root using the su command. You can also restrict further by using pam_wheel.so module. Edit /etc/pam.d/su:

auth required /lib/security/$ISA/pam_wheel.so use_uid

Only members of the wheel group will be able to use su.

To avoid su to root using sudo, configure something like this:

SUCMD = !/usr/bin/su*root*, /usr/bin/su

Re: How to prevent su to root?

Steven E. Protter — Tue, 21 Mar 2006 17:05:04 GMT

Shalom,

The pam file above can be used to preven root from using su to other users without password authentication.

That's the best you can do.

SEP