How to restrict su to root?

Status
Not open for further replies.

Janghyegyung

Technical User
Aug 20, 2001
42
KR
I want to restrict su to root from special users or groups. Besides, I want to restrict login as root on the remote host.

I'm a beginner with Solaris and the version is 2.5.1.

How can I do this? Any help would be appreciated.
 
Hi,

To restrict root login to the console only, edit: /etc/default/login

and add the following line:

CONSOLE=/dev/console

Then, even if you know the root password, it will only let you log in as root on the machine's keyboard, or via a serial line connected directly to the machine.

To restrict the people who can su to root, create the wheel group in /etc/group and add your admins to it (it's a comma separated list), thus:

wheel::11:account1,account2,account3

etc.

Then issue the following commands:

chgrp wheel /usr/bin/su
chmod 4750 /usr/bin/su

This will mean that only the people in the wheel group can su to root.

You can check for other people trying to su to root with the help of the following: /etc/default/su contains the config for su (for details of the file use the "man su" command). This will tell you where the logfile of attempts is made and whether attempts are logged to syslog or not. One useful thing to do is echo su attempts to the console. You can keep a console open on your desktop by launching a small xterm with the -C flag to cause it to capture console messages. Stick it top left on your screen and it will update whenever a console message is passed to it. With su commands it tells you the time, the account name and whether they were successful or not.

If you're interested in "hardening" Solaris further then consult the following page:


The following page is also useful:


especially the "big list"

This will make you smile:


Which includes this:


Which I reckon every PFY should read before they make the leap :)

Welcome to life as a sysadmin :)

later
jb
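
A read-only check of the three settings described in the answer above, added here as an example and not part of the original thread. The function names are made up for illustration, and it assumes a POSIX shell and an awk that accepts -v; paths default to the ones named in the post.

```shell
#!/bin/sh
# Added example: audit the su/root-login settings from the answer above.
# Every function accepts a file (or an `ls -l` line) as an argument, so it
# can be run against copies instead of the live system files.

# True if root logins are pinned to the console (uncommented line present).
console_only_root() {
    grep '^CONSOLE=/dev/console[[:space:]]*$' "${1:-/etc/default/login}" >/dev/null 2>&1
}

# Print the comma separated member list of a group (default: wheel).
group_members() {
    grep "^${2:-wheel}:" "${1:-/etc/group}" 2>/dev/null | head -1 | cut -d: -f4
}

# True if user $1 is listed in the group. Whole-name match, so a misspelt
# entry in /etc/group does not silently count as the intended admin.
in_group() {
    case ",$(group_members "${2:-/etc/group}" "${3:-wheel}")," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if an `ls -l` line for su shows mode 4750, owner root, group $2.
# A trailing ACL/label marker after the mode string is tolerated.
su_restricted() {
    echo "$1" | awk -v g="${2:-wheel}" '
        { ok = ($1 ~ /^-rwsr-x---[.+@]?$/ && $3 == "root" && $4 == g) }
        END { exit !ok }'
}

# Report all three settings; arguments: login file, group file, su path.
audit() {
    console_only_root "$1" && echo "OK   root login is console-only" \
                           || echo "WARN CONSOLE=/dev/console is not set"
    su_restricted "$(ls -l "${3:-/usr/bin/su}" 2>/dev/null)" \
        && echo "OK   su is 4750 root:wheel" \
        || echo "WARN su is not 4750 root:wheel"
    echo "wheel members: $(group_members "$2")"
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

in_group only reads the member list in /etc/group; an account whose primary GID in /etc/passwd is the wheel GID is also in the group and would need checking separately.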
 
Really, really thank you.

And I have another question.

You answered that I can let su to root by group. It seemed to be inconvenient if I just want one user or one group to restrict su to root. What's the best solution in that case?



 
You may want to look at "sudo".
It allows you to give certain access to users or groups without giving root access. And it keeps a log.
 
I am a beginner in the Linux world.
Would someone tell me the structure on which Linux works? Like in DOS the extensions were .exe and .com; what are its executable extensions, and other important beginning stuff?
 