
Re: SU permission

 
SOLVED
M. Tariq Ayub
Regular Advisor

SU permission

How can I restrict su permission for a specific user?
7 REPLIES
Deepak Kulkarni
Regular Advisor

Re: SU permission

Hi Tariq

In the "/etc/default/security" file, add the below shown entry for which you want to give su permission: "SU_ROOT_GROUP=group_name". The group name should be present in /etc/group. Add to this group the users to which you want to give the permission. For further details, do a "man security".

Cheers
Deepak Kulkarni
Ranjith_5
Honored Contributor

Re: SU permission

Hi Tariq,

1. Create a file /etc/default/security if not present.

# touch /etc/default/security

# vi /etc/default/security

2. Add the following line in /etc/default/security

SU_ROOT_GROUP=sysadm

3. Create a group called sysadm

# groupadd sysadm

4. Add all the users who require SU permission to this group. You can do this by modifying the user using /usr/sbin/sam.


Regards,
Syam
M. Tariq Ayub
Regular Advisor

Re: SU permission

All other users will not have any su permission, right?
Ranjith_5
Honored Contributor
Solution

Re: SU permission

No other user will have the permission to do a "su -". You are right.

Regards,
Syam
Deepak Kulkarni
Regular Advisor

Re: SU permission

Hi Tariq,

Nobody will have the permission to do su except that group.

Regards
Deepak Kulkarni
Gary L. Paveza, Jr.
Trusted Contributor

Re: SU permission

Setting this variable only controls who can su to root (su or su -). It will NOT prevent anyone from su'ing to another user ID.
Bill Hassell
Honored Contributor

Re: SU permission

Very important: /etc/default/security does not exist by default and the items in this file are documented by: man security
However, it is VERY dependent on whether you have current security patches and will never work on 10.20 or earlier. If you're running 11i and have all the security patches installed, it will indeed prevent su - root from working. And as mentioned, it does NOT restrict using su to any user other than root.


Bill Hassell, sysadmin
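
Added example, not part of any post in this thread: a small POSIX sh audit that reads SU_ROOT_GROUP from /etc/default/security, confirms the named group exists in /etc/group, and lists its members. The function names, status words and return codes are made up for this example; it checks configuration only and cannot tell whether the installed su honours the setting.

```shell
#!/bin/sh
# Added audit example. Paths default to the files named in the thread;
# pass other paths to run it against copies.

# Print the value of SU_ROOT_GROUP; return 1 if the file or setting is absent.
# Assumption: if the line appears more than once, the last one is reported.
su_root_group() {
    sec_file=${1:-/etc/default/security}
    [ -r "$sec_file" ] || return 1
    val=$(sed -n 's/^SU_ROOT_GROUP=\([^[:space:]#]*\).*$/\1/p' "$sec_file" | tail -n 1)
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Print the member list (4th field) of a group; non-zero if the group is missing.
# Users who only have the group as their primary GID are not listed here.
group_members() {
    grp=$1
    group_file=${2:-/etc/group}
    awk -F: -v g="$grp" '$1 == g { found = 1; print $4 } END { exit !found }' "$group_file"
}

# Summarise the configuration:
#   0 = group set and present, 1 = setting absent, 2 = group not in /etc/group
audit_su_root() {
    sec_file=${1:-/etc/default/security}
    group_file=${2:-/etc/group}
    if ! grp=$(su_root_group "$sec_file"); then
        echo "UNRESTRICTED: SU_ROOT_GROUP not set in $sec_file"
        return 1
    fi
    if ! members=$(group_members "$grp" "$group_file"); then
        echo "BROKEN: SU_ROOT_GROUP=$grp but no such group in $group_file"
        return 2
    fi
    echo "RESTRICTED: group=$grp members=${members:-<none listed>}"
}

# Run against the live files (or the two paths given as arguments).
audit_su_root "$@" || true
```

Review the reported member list whenever the group changes, and remember the point made above: this setting governs su to root only, not su to other user IDs.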