Hi managers,
original question is :
> I want to protect users from using su command that connect my machine by telnet. How can I achieve this?
Thanks all to respond my question in a shorttime,especially;
nsp83273@cae091.ed.ray.com
vogelke@c17.wpafb.af.mil
rali@meitca.com
root@utopia.poly.edu
ian@south-border.com
zimmer@pop.psu.edu
darren@Legato.com
Matthew.Stier@MCI.Com
stephane@lituus.fr
rich@loopexpert.com
THE POSSIBLE ANSWERS ARE:
1)change the protections from 4555 to 450
chmod 4550 su
put any user you want to have access to su
into group sys
note: this is based on solaris 2.5 group may be
different on sunos
2)I would look into sudo as an aid here...
3)If you're in Solaris, go into /etc/default/login and uncomment the line
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console
4)The standard answer is:
Create an 'su' group,
assign everyone that you want to have access to that group,
chgrp the su executable to that group,
chmod the su executable to disable its use by 'others'.
For the typical Solaris platform, it is:
/usr/sbin/groupadd -g GID su
/usr/sbin/useradd -G GID user1
/usr/sbin/useradd -G GID user2
/usr/bin/chgrp su /usr/bin/su
/usr/bin/chmod o-a /usr/bin/su
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:46 CDT