locking down box
Jonathan Berry
berryja at gmail.com
Wed May 11 17:17:44 UTC 2005
On 5/11/05, List <list at nchost.net> wrote:
> How do i only allow wheels to su - ?
>
> thanks
Don't give users outside the wheel group the root password. I don't
think you can configure su - to limit use. I guess you might be able
to do something strange with permissions, but I wouldn't advise it;
you would probably break something that way.
If you want to control who can do things as root, I recommend you look
into sudo. You can set it to where only users in the wheel group can
use sudo, and you can let them use it without them knowing the root
password if you want.
man sudo
Google will find plenty of examples and other information. There
should even be a good example in the /etc/sudoers file (be sure to
edit the file as root with the "visudo" command).
But, if you don't want users to become root, then you shouldn't give
them the root password (and you should make it hard to guess or
crack), it's that simple. Though, anyone with physical access to a
machine is capable of becoming root, especially if they can reboot the
machine. Be sure to keep an eye on your logs if you don't trust your
users (that's never a good situation to be in, though).
Jonathan
More information about the users
mailing list