[opensuse] Re: only wheel members can su as root
Hi, Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root? Thanks J -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Under Yast2 -> System -> SUDO
Default is allow all.
On Fri, Apr 25, 2008 at 10:42 PM, Jay Jesus Amorin
Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
Thanks
J -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
BTW im using sles10, bi cant find Under Yast2 -> System -> SUDO
On Sat, Apr 26, 2008 at 12:22 PM, Andreas van dem Helge
Under Yast2 -> System -> SUDO
Default is allow all.
On Fri, Apr 25, 2008 at 10:42 PM, Jay Jesus Amorin
wrote: Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
Thanks
J -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- Ang nagtanong ay tanga. Ang hindi nagtanong ay nanatiling tanga. -jayamorin -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Jay Jesus Amorin wrote:
BTW im using sles10, bi cant find Under Yast2 -> System -> SUDO
On Sat, Apr 26, 2008 at 12:22 PM, Andreas van dem Helge
wrote: Under Yast2 -> System -> SUDO
Default is allow all.
On Fri, Apr 25, 2008 at 10:42 PM, Jay Jesus Amorin
wrote: Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
Thanks
Jay, If I'm correct your are saying you want to limit a certain group of users to be the only ones with "sudo" capabilities. Anyone can "su" and enter root's password and then they are root, so I don't think that is what you are after -- I could be wrong. However, presuming it is a limit on the 'sudo' abilities, the answer is easy and straight forward. First, as you have already found, make the users that you WANT to have sudo ability members of the wheel group. Then, as root, # visudo then uncomment either the line: %wheel ALL=(ALL) SETENV: ALL this will require the user to enter the root password, OR uncomment the line: %wheel ALL=(ALL) NOPASSWD: SETENV: ALL and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password. The key, and the limiting factor, is that only people that you have made members of the wheel group in /etc/group will be able to exercise this privilege. If that's not what you needed, sorry. I don't know how to limit the ability to "su" without denying the user a login shell. I guess you could move or remove /bin/su, but that would likely screw up a lot of applications that ask for the root password to do X or Y. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David C. Rankin a écrit :
and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password.
it may not be a good idea to let users use sudo without passwd (if a session is open anybody that access the keyboard can do root work better have sudo ask for the user's passwd jdd -- Jean-Daniel Dodin Président du CULTe www.culte.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
jdd sur free wrote:
David C. Rankin a écrit :
and all members of the wheel group will be able to execute programs as root by "sudo <program>" without having to enter a password.
it may not be a good idea to let users use sudo without passwd (if a session is open anybody that access the keyboard can do root work
better have sudo ask for the user's passwd
jdd
There are a few root commands that I, as mere mortal, wish to use frequently. I edit sudoers to give passwordless su access to a directory that contains symlinks to the appropriate commands. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Andreas van dem Helge wrote:
Under Yast2 -> System -> SUDO
You might have better luck looking for it in Security and Users. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 26 April 2008 04:42:18 Jay Jesus Amorin wrote:
Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
One way would be to add auth required pam_wheel.so to /etc/pam.d/sudo Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2008-04-26 at 10:42 +0800, Jay Jesus Amorin wrote:
Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
Easy! Locate the "su" program: nimrodel:~ # which su /bin/su check its permissions: - -rwsr-xr-x 1 root root 27008 Sep 22 2007 /bin/su* change it to be owned by group "wheel" and remove execution permision for "other": chgrp wheel /bin/su chmod o-x /bin/su Done! However, suse scripts may undo this change, so to make it permanent edit "/etc/permissions.local" appropiately. I leave that as an execise for the reader :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIEv+vtTMYHG2NR9URAo4wAJ97UN4aP4iT6VRNsiuCAvLLjADQ8wCghk3P hxerinBDNLZxbOzp0D69JRc= =6Udn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Jay Jesus Amorin wrote:
Hi,
Please bear with me, I'm new to this group and suse as well. my question is, is there a way to configure suse that only users that are member of the group wheel can su as root?
Thanks
J
I noticed that su belongs to group root, but others have read & execute permission. What happens if you change it to wheel group and remove the others permissions? -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (7)
-
Anders Johansson
-
Andreas van dem Helge
-
Carlos E. R.
-
David C. Rankin
-
James Knott
-
Jay Jesus Amorin
-
jdd sur free