Disable su to root

Disable su to root

Post by Christoffer Hall-Frederikse » Fri, 19 Feb 1999 04:00:00



How can you disable (on a linux-box, redhat 5.2) the abillity of users
to su to root, while still maintaining roots abillity to su to other users?

--
        Christoffer

        If builders built buildings the way programmers wrote programs,
        then the first woodpecker that came along would destroy civilisation.

                Gerald Weinberg

 
 
 

Disable su to root

Post by Jim Reidfor » Fri, 19 Feb 1999 04:00:00



> How can you disable (on a linux-box, redhat 5.2) the abillity of users
> to su to root, while still maintaining roots abillity to su to other users?

> --
>         Christoffer

>         If builders built buildings the way programmers wrote programs,
>         then the first woodpecker that came along would destroy civilisation.

>                 Gerald Weinberg

Don't give them the root password !!
--
Jim Reidford

--

"Due to financial constraints,
the light at the end of the tunnel
has been turned off until further notice !!"

 
 
 

Disable su to root

Post by Christoffer Hall-Frederikse » Sat, 20 Feb 1999 04:00:00



> Don't give them the root password !!

Never mind. PAM solved my problems.

--
        Christoffer

        If builders built buildings the way programmers wrote programs,
        then the first woodpecker that came along would destroy civilisation.

                Gerald Weinberg

 
 
 

1. disabling su for root on some machines

I'm stuck with the following "security" problem.  We are running Solaris
2.5.1 on a SunServer1000, our fileserver called "server".  In the
network we have various Solaris 2.5.1, Solaris 2.6, IRIX 5.3, and IRIX
6.2 machines, as well as PC's and Linux machines.

Problem: any user who has root access on her machine (and many do, since
they maintain their own PC's or whatever), can do something like the
following:
        local> su -
        Password:       [assume the user knows this]
        # su - otheruser
        otheruser>
i.e., that user can become any other user via root on her local machine.

That's a large leak I want to close.  How do I do that?

The file systems are exported as follows:

in /etc/dfs/dfstab:

share  -F nfs  -o rw=sun:sgi:pc,root=server.ws.dlr.de -d "home dirs"
/home_server

in /etc/vfstab:

/dev/md/homedirs/dsk/d8 /dev/md/homedirs/rdsk/d8        /home_server    ufs2    no      rq

Any hints appreciated, if even a pointer to where to look in AB2!!

Patrick
--
dr Patrick van der Smagt               phone +49 8153 281152, fax -34

P.O. Box 1116, 82230 Wessling, Germany                   ICQ 10513716

2. running perl as a service?

3. Disable su as root?

4. Flowcharting tool under Unix?

5. differences between su root and su - root

6. RAID setting

7. su root: You do not have permission to su root ?

8. Problem using dip to connect to internet provider

9. Solution: differences between su root and su - root

10. How to disable root SU's from remote sites?

11. su to a user then su to root in startup script

12. su problem -- su: Unknown id: root

13. GNU su (was Re: Preventing SU Root)