Re: How to restrict the su command? Not sudo
From: Andrew Ho (andrewho_at_andrewho.co.uk)
Date: 11/18/03
- Next message: Andrew Ho: "Re: Newbie looking for a UNIX"
- Previous message: SpamLover: "Re: Newbie looking for a UNIX"
- In reply to: Sybren Stüvel: "Re: How to restrict the su command? Not sudo"
- Next in thread: Sybren Stüvel: "Re: How to restrict the su command? Not sudo"
- Reply: Sybren Stüvel: "Re: How to restrict the su command? Not sudo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 18 Nov 2003 11:53:46 -0800
Sybren Stüvel <sybrenUSE@YOURimagination.thirdtower.com> wrote in message news:<pan.2003.11.18.14.57.41.3920@YOURimagination.thirdtower.com>...
> On Tue, 18 Nov 2003 06:54:00 -0800, Andrew Ho wrote:
>
> > After all, when you use the 'su' command,
> > you still need a password.
>
> That's not entirely true. Read the comments in /etc/pam.d/su.
>
> > just curious, that's all. Anyway, a thought I had was to make a group
> > that people had to be in to execute that command "chgrp suusers /bin/su",
> > and to make anyone who can use that command a part of that group
>
> Using PAM (as described in my other post in this thread) is a much cleaner
> way to solve the issue.
>
> Sybren
Ah yes, you are right, Sybren. And from what I remember when I was
last around this group [one or two years ago], that happens a lot :)
Andrew
- Next message: Andrew Ho: "Re: Newbie looking for a UNIX"
- Previous message: SpamLover: "Re: Newbie looking for a UNIX"
- In reply to: Sybren Stüvel: "Re: How to restrict the su command? Not sudo"
- Next in thread: Sybren Stüvel: "Re: How to restrict the su command? Not sudo"
- Reply: Sybren Stüvel: "Re: How to restrict the su command? Not sudo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
