- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Disable su -
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 03:53 PM
тАО04-14-2005 03:53 PM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 04:01 PM
тАО04-14-2005 04:01 PM
Re: Disable su -
Rename the command "su" or move it to a different directory.
Regards,
Naveej
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 04:23 PM
тАО04-14-2005 04:23 PM
SolutionSee my reply in this thread. by this way you can stop users, doing su to root.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=854029
To restrict "su" command from normal users move su binary to /usr/sbin from /usr/bin.
#mv /usr/bin/su /usr/sbin/
Hope this will work still I havent tested this method.Other option is renaming the binary.
Naveej also mentioned the similar solution here.
Regards,
Syam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 04:25 PM
тАО04-14-2005 04:25 PM
Re: Disable su -
Do you want to lock down su to all users or only to the root user?
What you need to consider is
1) I want users to stop doing SU to root.
Easy: Look at /etc/default/security and set SU_ROOT_GROUP.
2) To disourage use of SU set a policy and then check the /var/adm/sulog file.
Else provide an idea of what is trying to be achieved and perhaps another way can be found.
Example. I am user "ONE" and I wish to su to user "TWO". Locking down su just means I have to pop up another session and log in as user "TWO".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 04:27 PM
тАО04-14-2005 04:27 PM
Re: Disable su -
Rgds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 06:13 PM
тАО04-14-2005 06:13 PM
Re: Disable su -
CooLmaChO if a user ca su to root he has the root passord. If you remove su he can still log in as root and "have all the fun he wants". Unless you utilize securetty but then root will only be able to login from the console.
Seems to me the solution is to protect the passwords.
Regards,
Trond
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 06:24 PM
тАО04-14-2005 06:24 PM
Re: Disable su -
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-14-2005 06:34 PM
тАО04-14-2005 06:34 PM
Re: Disable su -
As Trond said, if user can user su root, (s)he already
has the passwd. What you need is a strong password
policy.
It's not really a good idea to hide/rename/move the
su binary. I would strongly advice against it.
- Biswajit