I've been working with FreeBSD and recently with Trustix Secure Linux; in both systems I've found a nice feature: the only users who're allowed to su root are the mebers of the root group. I haven't found how to do this in SuSE (currently working with SuSE 6.3 and 6.4, and switching to SuSE 7.0 soon), is this possible? Thanks in advance, Andres Tarallo
there are several ways to do this, I think securityportal.com had an article about this a couple of days ago. u can restrict the su command with: a) file permissions b) su.conf c) pam.conf the harden_suse script will do this for you automatically in any case. Cheers Nix At 09:04 AM 18/10/2000, you wrote:
I've been working with FreeBSD and recently with Trustix Secure Linux; in both systems I've found a nice feature: the only users who're allowed to su root are the mebers of the root group.
I haven't found how to do this in SuSE (currently working with SuSE 6.3 and 6.4, and switching to SuSE 7.0 soon), is this possible?
Thanks in advance,
Andres Tarallo
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
there are several ways to do this, I think securityportal.com had an article about this a couple of days ago. u can restrict the su command with: a) file permissions b) su.conf c) pam.conf
the harden_suse script will do this for you automatically in any case.
I seem to rmember writing about that. heh. Anyways I would reccomend tossing su out and using sudo. Red Hat ships sudo now, it's really quite nice. http://securityportal.com/lskb/10000000/kben10000012.html
Cheers
Nix
-Kurt
--snip--
I seem to rmember writing about that. heh. Anyways I would reccomend tossing su out and using sudo. Red Hat ships sudo now, it's really quite nice.
as has suse for quite some time now :) this being a SuSE mailing list and all.. *grin*
http://securityportal.com/lskb/10000000/kben10000012.html
Cheers
Nix
-Kurt
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
I seem to rmember writing about that. heh. Anyways I would reccomend tossing su out and using sudo. Red Hat ships sudo now, it's really quite nice.
http://securityportal.com/lskb/10000000/kben10000012.html -Kurt
I'm sorry, I currently don't have any SuSE-4.x or 5.x available to see
when we had that for the first time in the distribution.
:-)
Roman.
--
- -
| Roman Drahtmüller
I seem to rmember writing about that. heh. Anyways I would reccomend tossing su out and using sudo. Red Hat ships sudo now, it's really quite nice.
If I remember my redhat 6.2 box does not have sudo but yet my suse 6.4 has sudo and so did my suse 6.1 if it is not a default package you can certainly get it off the CDs.
well if you do not have users who have multiple accounts and thus su between normal accounts, you could limit execution of the su command to the user and group and set the group owner to wheel. On Tue, 17 Oct 2000, Andres Tarallo wrote:
I've been working with FreeBSD and recently with Trustix Secure Linux; in both systems I've found a nice feature: the only users who're allowed to su root are the mebers of the root group.
I haven't found how to do this in SuSE (currently working with SuSE 6.3 and 6.4, and switching to SuSE 7.0 soon), is this possible?
Thanks in advance,
Andres Tarallo
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (5)
-
Andres Tarallo
-
Kurt Seifried
-
Nix
-
Roman Drahtmueller
-
semat