Dear sun-mgrs
Many thanks once again for many replies to my question:
=> Does anyone know if there exists on Solaris 2.4 a way to limit which users
=> can access root via 'su' ? I would like only 2-3 people to be able to use
=> 'su -' to access to root.
=>
=> On SunOS 4.1.3 there was the 'wheel' group, whose members were the only peopl
=> who could su to root. Anyone else who tried 'su -' received the message
=> You do not have permission to su to root
=> or suchlike.
=> However on Solaris 2.4 this mechanism doesn't seem to exist any more..
=>
Thanks to :
sjenkins@iastate.edu
bbyoung@amoco.com
dave@chadwyck.co.uk
bergman@phri.nyu.edu
rich@loopexpert.com
david@cs.newcastle.edu.au
beckman@bofh.fleet.capital.ge.com
fpardo@tisny.com
sagray@amp.com
joe@ns.hunter1.com
The suggestions were basically the following:
1. If your users don't use su to become other (non-root) users, then
you can:
add the trusted users to group "wheel" in /etc/group
chmod 4550 /bin/su /sbin/su
This has the disadvantage that normal users can't use su to become other users
than root. I would like to keep this possibility.
2. Use the sysadmin group
Unfortunately this doesn't affect su access as far as I can tell, only enables
use of admintool by non-root users.
3. Try sudo.
This is the best solution, especially using the 'ALL' keyword (with care!)
to give certain trusted users full access to root.
Many thanks
Robin
WEUSC sysadmin
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:16 CDT