And there is one essential final step as well: add a line /bin/su root.wheel 4750 to /etc/permissions.local. Otherwise your security change will disappear at some random time in the future (next time SuSEconf runs). See /etc/sysconfig/security for more information about this mechanism. Bob On Mon, 8 Mar 2004, Paul Dwerryhouse wrote:
On Mon, Mar 08, 2004 at 04:27:46PM +0100, Gero Schmidt-K?rst wrote:
I guess there is a easy possibility to allow the command 'su' only to a small group of users. Perhaps someone of you can send me a hint!
Yep:
* add the users to the group 'wheel':
usermod -G wheel tom usermod -G wheel dick usermod -G wheel harry
* change the group and permissions on /bin/su so that it can only be accessed by members of the group 'wheel'
chgrp wheel /bin/su chmod 4750 /bin/su
I picked the group 'wheel' since this is what, historically, Unix systems have used for this function.
Cheers,
Paul.
-- Paul Dwerryhouse | PGP Key ID: Amsterdam, The Netherlands (X) <-> Melbourne, Australia ( ) | 0x6B91B584
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691