[opensuse] limit 'su' to a specific username
Hello,

I have locked down /usr/bin/su by putting certain admin users in the wheel group and only allowing them to execute su. However, I need to set up a way to have other non-admin users su to a bogus user, a special username, that will be used to execute commands.

What I want is to have users ssh into the server, then any of them can su to the special user to execute commands as that special user. The special user will not have ssh access (I want to see who is logged into the server). I want to continue denying non-admin users the ability to su to any other user.

Any ideas how I can accomplish this?

Many thanks in advance.

James

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

In <758626AE705047B0B58529379A65F2A9@adminPC>, James D. Parra wrote:
> I have locked down /usr/bin/su by putting certain admin users in the wheel group and only allowing them to execute su. However, I need to set up a way to have other non-admin users su to a bogus user, a special username, that will be used to execute commands.
>
> What I want is to have users ssh into the server, then any of them can su to the special user to execute commands as that special user. The special user will not have ssh access (I want to see who is logged into the server). I want to continue denying non-admin users the ability to su to any other user.
>
> Any ideas how I can accomplish this?

Use sudo instead. It was designed for this. 'su' was not.

--
Boyd Stephen Smith Jr.              ,= ,-_-. =.
bss@iguanasuicide.net              ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy    `-'(. .)`-'
http://iguanasuicide.net/               \_/

-----Original Message-----
From: Boyd Stephen Smith Jr. [mailto:bss@iguanasuicide.net]
Sent: Thursday, July 30, 2009 8:42 AM
To: opensuse@opensuse.org
Subject: Re: [opensuse] limit 'su' to a specific username

In <758626AE705047B0B58529379A65F2A9@adminPC>, James D. Parra wrote:
> I have locked down /usr/bin/su by putting certain admin users in the wheel group and only allowing them to execute su. However, I need to set up a way to have other non-admin users su to a bogus user, a special username, that will be used to execute commands.
>
> What I want is to have users ssh into the server, then any of them can su to the special user to execute commands as that special user. The special user will not have ssh access (I want to see who is logged into the server). I want to continue denying non-admin users the ability to su to any other user.
>
> Any ideas how I can accomplish this?

Use sudo instead. It was designed for this. 'su' was not.

~~~~~~~~~~~~~~~~~~~~~~~~~

You can sudo to specific user only and run as that user? How is that set up in sudo?

Thank you,

James

* James D. Parra <jamesp@musicreports.com> [07-30-09 12:13]:
> Use sudo instead. It was designed for this. 'su' was not.
> ~~~~~~~~~~~~~~~~~~~~~~~~~
>
> You can sudo to specific user only and run as that user? How is that set up in sudo?

man sudo would be a start
man sudoers would also help

> Thank you,

You are most welcome

--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org

In <D328AD8CB88743ACA963342BC7A69A27@adminPC>, James D. Parra wrote:
> -----Original Message-----
> From: Boyd Stephen Smith Jr. [mailto:bss@iguanasuicide.net]
> Sent: Thursday, July 30, 2009 8:42 AM
>
> In <758626AE705047B0B58529379A65F2A9@adminPC>, James D. Parra wrote:
>> What I want is to have users ssh into the server, then any of them can su to the special user to execute commands as that special user. The special user will not have ssh access (I want to see who is logged into the server). I want to continue denying non-admin users the ability to su to any other user.
>>
>> Any ideas how I can accomplish this?
>
> Use sudo instead. It was designed for this. 'su' was not.
> ~~~~~~~~~~~~~~~~~~~~~~~~~
>
> You can sudo to specific user only and run as that user? How is that set up in sudo?

man sudoers

That will get you started. When I have more time I might give a more full reply.

--
Boyd Stephen Smith Jr.              ,= ,-_-. =.
bss@iguanasuicide.net              ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy    `-'(. .)`-'
http://iguanasuicide.net/               \_/

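The sudo setup the replies point to, as an added example that is not part of the original thread: a sudoers drop-in that lets members of one group run commands as a single special account and grants no other target user. The account name "appuser", the group "appusers", the file name and the sample command path are assumptions.

```sudoers
# /etc/sudoers.d/appuser
# Edit with: visudo -f /etc/sudoers.d/appuser
# (or add the lines to /etc/sudoers via visudo if it has no #includedir line)
#
# Assumed names (not from the thread): "appuser" is the special account,
# "appusers" is a Unix group containing the non-admin users.

# The only identity these users may switch to.
Runas_Alias APPACCT = appuser

# Members of appusers may run any command as appuser. No other target
# user is listed, so this rule grants neither "sudo -u root ..." nor
# "sudo -u someoneelse ...".
%appusers ALL = (APPACCT) ALL

# To limit what can be run, replace the rule above with explicit paths,
# for example (constructed path):
# %appusers ALL = (APPACCT) /opt/app/bin/run-job

# Usage by a permitted user:
#   sudo -u appuser <command>   run one command as appuser
#   sudo -u appuser -i          login shell as appuser (allowed by the ALL rule)
#   sudo -l                     list what the calling user may run
#
# Things to check alongside this file:
# - The main /etc/sudoers may already contain "Defaults targetpw" together
#   with a broad "ALL ALL=(ALL) ALL" rule. With those, sudo asks for the
#   target account's password and the broad rule applies to every user,
#   so review both before relying on the restriction above.
# - sudo logs the invoking user, the target user and the command, so the
#   real login name stays visible even though the work runs as appuser.
# - su stays restricted to the wheel group; this file does not change su.
```
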
participants (3)
- Boyd Stephen Smith Jr.
- James D. Parra
- Patrick Shanahan