Summary: Restricting root access to users

From: Sanjiv K. Bhatia (sanjiv@aryabhat.cs.umsl.edu)
Date: Wed Sep 09 1998 - 14:20:58 CDT


I have three different solutions:

1. Restrict su to group executable (take away other executable privilege) and
   add the authorized users to the group.

2. Use sudo

3. Declare the privileged users in the wheel group [I think it only works on
   SunOS 4.1.x]

I am going with solution 1 for the present and solution 2 in about 2 weeks from
now ;-)

Thanks to:

Bill Hathaway <wdh@poss.com>
Todd Herr <todd_herr@hermes.sra.com>
Matthew Stier <Matthew.Stier@tddny.fujitsu.com>
System Administrator <smitty@ConnectI.com>
Burak Baysal <bbaysal@ee.siue.edu>
Mark Hargrave <hargrme@wisdom.maf.nasa.gov>
"Eric D. Pancer" <eric@outlook.net>
Leif Ericksen <phantom@wwa.com>
Karl Boehnker <s1033761@admiral.umsl.edu>
Todd Herr <todd_herr@hermes.sra.com>
Tim Fritz <tim@wayback.er.usgs.gov>
Sean <shadow6@bellsouth.net>
Ann Benninger <ahb@exelixis.com>
"Steve Baylon" <steveb@sqq89.com>
Benjamin Cline <benji@hnt.com>
Leonard Miyata <leonard@geminisecure.com>
David Lew <dlew@jps.net>
Timothy Lorenc <lorenct@load.com>
Rob Leonard <r.leonard@metrolink.net>
"Rodney C. Marable" <marable@mage.netgen.com>

Original question:

>Hi all:
>
>I am looking for a way to restrict the `su root` privilege to only two users on
>the system. Is it possible on Solaris 2.6?
>
>I have already restricted root login to console but su can be performed from
>anywhere.
>
>I checked the Solaris Answer Book as well as the FAQ for this list but did not
>find any. Please help. Will summarize.
>
>Sanjiv
>--
>Sanjiv K. Bhatia Department of Math & Computer Science
>sanjiv@aryabhat.umsl.edu University of Missouri -- St. Louis
>voice: (314)-516-6520 St. Louis, MO 63121-4499
>fax : (314)-516-5400 http://www.cs.umsl.edu/Faculty/sanjiv.html
>

-- 
Sanjiv K. Bhatia                Department of Math & Computer Science
sanjiv@aryabhat.umsl.edu        University of Missouri -- St. Louis
voice: (314)-516-6520           St. Louis, MO 63121-4499
fax  : (314)-516-5400           http://www.cs.umsl.edu/Faculty/sanjiv.html



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:48 CDT