Possible to disable root su possibility to a secure account ?

[Gloups]

I'd like to have an high secure user account.

Is it possible with AIX alone or with any ISV product to disable for root the 'su' possiblity to this account ?


Thank's in advance

 

[alexhu]

To login as root you need a password.

To 'su' to root you need a password.

How is stopping 'su to root' going to increase security ?

Alex

 

[Gloups]

That's not what i want to do.

If it's possible, i want to prevent somebody logged with root account to su to a specific user.

 

[alexhu]

Ah! I see, but AFAIK thats not possible - root is all powerful, and has to be really - try googling for "trusted aix" that might do something along the lines you want

Alex

 

[ChessMaster1]

in /etc/security/user there is an entry, by userid, called sugroups. For the root userid pick one or more groups i.e. security and system. Then any user su-ing to root must be part of that group or they cannot su. I hope this helps. Will

 

[Gloups]

Thank's for your answers, as i supposed i cant isolate a specific account from root actions