Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] allow 'su' to limited users
  • From: Bob Vickers <bobv@xxxxxxxxxxxxx>
  • Date: Tue, 9 Mar 2004 09:26:45 +0000 (GMT)
  • Message-id: <Pine.OSF.4.58.0403090919040.3890@xxxxxxxxxxxxxxxxxxxxx>
And there is one essential final step as well: add a line

/bin/su root.wheel 4750

to /etc/permissions.local. Otherwise your security change will disappear
at some random time in the future (next time SuSEconf runs). See
/etc/sysconfig/security for more information about this mechanism.

Bob

On Mon, 8 Mar 2004, Paul Dwerryhouse wrote:

> On Mon, Mar 08, 2004 at 04:27:46PM +0100, Gero Schmidt-K?rst wrote:
> > I guess there is a easy possibility to allow the command 'su' only to
> > a small group of users. Perhaps someone of you can send me a hint!
>
> Yep:
>
> * add the users to the group 'wheel':
>
> usermod -G wheel tom
> usermod -G wheel dick
> usermod -G wheel harry
>
> * change the group and permissions on /bin/su so that it can only be
> accessed by members of the group 'wheel'
>
> chgrp wheel /bin/su
> chmod 4750 /bin/su
>
>
> I picked the group 'wheel' since this is what, historically, Unix
> systems have used for this function.
>
> Cheers,
>
> Paul.
>
> --
> Paul Dwerryhouse | PGP Key ID:
> Amsterdam, The Netherlands (X) <-> Melbourne, Australia ( ) | 0x6B91B584
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>

==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691

< Previous Next >