su to root only for special users

[rebge]

Hi,
how can i configure, that only some special users can su to root? We have Solaris 8. There must be a way, but i don't remember.

rebge

 

[KenCunningham]

You could look at sudo:

http://www.courtesan.com/sudo/

HTH.

 

[syjl]

rbac is the native solaris version of sudo but does not allow much flexibility.

 

[lsherwood]

I haven't tried this, so I won't swear it will work. But you could change the permissions of /usr/bin/su so that only members of a specific group could run the command. For example, since su's group is sys, make the users you want to run su secondary members of the sys group. Then remove world execute for /usr/bin/su.

Adding these users to a privileged group might bring up other issues, so perhaps removing execute perms for others and creating an ACL to allow members of the ACL to run the command would be a better way to go.

Larry

 

[sampsonr]

I don't mean to be facetious, but how about just changing the root password and only telling people who really need it?

 

[aterockz]

Hmmm I have a similar problem but the other way around.
There is a machine where not all users are allowed to "SU" to root user...
I want to add another user to do this, but I don't know where it is configured !?

I am using solaris 7

thanks

 

[hashimra]

i suggest you use etrust access control

 

[mrn]

Add a user with uid & gid of 0, you may have to edit the /etc/passwd, then get the users to su - newuser.

Or just install sudo

--
| Mike Nixon
| Unix Admin
|
----------------------------