[TriLUG] Limiting su access to specific users

Mike Johnson mike at enoch.org
Thu Jan 3 10:16:14 EST 2002


Jon Carnes [jonc at nc.rr.com] wrote:
  
> Want to be able to control who uses su? It's quite easy.
> Open up su...usually /etc/pam.d/su
> Add or uncomment the line (as root)
> auth required /lib/security/pam_wheel.so use_uid
> (Mandrake 8.1 it is already there. All you have to do is uncomment it)
> And that's it.
> Make all users that you want to have su privileges belong to the group 
> wheel.
> 
> When a user who does not belong to the wheel group tries to su, he will 
> get a password incorrect message. Neat eh?

The way I've always done it is to chgrp su to wheel, then chmod it to
4750.  Any user who doesn't belong to the wheel group can't even run
the command.

Mike
-- 
"Yeah it is! Cause he's bakin' in the...kitchen of darkness!  A pie of
lost souls...until it's golden brown!" -- Moltar on Space Ghost
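
An added example, not part of the original thread: a small audit script that reports which of the two su restrictions described above (the pam_wheel line, or su group-owned by wheel with mode 4750) is in effect. The function names are hypothetical, and it assumes GNU stat (for -c) and the "auth required" form of the PAM line quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): check both ways of limiting su.
# Paths are parameters so the checks can be run against copies of the files.

# pam_wheel_enabled FILE
# Succeeds if FILE contains an uncommented "auth required ...pam_wheel.so"
# line. The module may be given with or without a directory prefix.
pam_wheel_enabled() {
    awk '
        /^[[:space:]]*#/ { next }          # commented-out lines do not count
        $1 == "auth" && $2 == "required" && $3 ~ "(^|/)pam_wheel[.]so$" {
            found = 1
        }
        END { exit !found }
    ' "$1"
}

# su_binary_restricted PATH GROUP
# Succeeds if PATH has mode exactly 4750 and is group-owned by GROUP,
# i.e. users outside GROUP cannot execute it at all.
# Assumption: GNU stat (coreutils) for the -c format option.
su_binary_restricted() {
    mode=$(stat -c '%a' "$1") || return 2
    group=$(stat -c '%G' "$1") || return 2
    [ "$mode" = "4750" ] && [ "$group" = "$2" ]
}

# audit_su PAM_FILE SU_PATH GROUP
# Prints one of: pam_wheel, file-mode, pam_wheel+file-mode, unrestricted.
audit_su() {
    result=""
    pam_wheel_enabled "$1" && result="pam_wheel"
    su_binary_restricted "$2" "$3" && result="${result:+$result+}file-mode"
    echo "${result:-unrestricted}"
}

# Typical call on a live system (run as root so both files are readable):
#   audit_su /etc/pam.d/su "$(command -v su)" wheel
```

A result of "unrestricted" means neither control is in place, so any user who knows the target password can su.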


