On Wed, Mar 21, 2001 at 05:31:30PM +0100, Sven Michels wrote:
Egan wrote:
On my new SuSE 7.1 any user can su to root if they know the root password. I thought only members of group root could su to root, but now anybody can.
Is this a bug?
no, but what you need is to set the permissions on su .. only root and the member of the group x (can be root or whatever) can execute su.
Ahem... if a user knows the root password, why would you want to keep him or her from becoming root, anyway? If you restricted permissions of su, to members of the "root" group, then other users would not be able to change their "id" at all - you need to decide for yourself whether you want this or not. I don't see very much benefit in restricting access to su. On the other hand if e.g. you set your box to allow root to log in only on the console and never over the net... but still: if you can't trust the people who know the root password to use "su" correctly, then you probably shouldn't let them know the root password in the first place. Or am I missing something? Bye, Thomas -- Thomas Haeberlen Rechenzentrum Universitaet Stuttgart (RUS) Abteilung Informationsdienste Allmandring 30 , D-70569 Stuttgart Email: haeberlen@rus.uni-stuttgart.de Phone: +49 711 685 47 19 Fax: +49 711 678 76 26