[SunHELP] restricting "su" access

Fletcher, Joe sunhelp at sunhelp.org
Sat Nov 3 08:59:04 CST 2001


FWIW

Tru64 is similar to FreeBSD in the sense that unless you are in group system
you can't su to root.



-----Original Message-----
From: Will Yardley [mailto:william+sun at hq.newdream.net]
Sent: 3 November 2001 10:42
To: sunhelp at sunhelp.org
Subject: Re: [SunHELP] restricting "su" access


Solaris Neophyte wrote:
> 
> Ther's something I really like on my FreeBSD box that I haven't seen
> implemented on Solaris.
> 
> Only people belonging to the "wheel" on FreeBSD can "su" to root.
> 
> Is there anyway to set the same thing up with my Solaris machine?

AFAIK this is only really possible on freebsd, although you could make a
group called 'deny' and add all the users you don't want to su to it...
then chgrp deny /usr/bin/su and chmod 4505 it

even if 'other' has read and write permissions on it, those in the group
'deny' shouldn't be able to access it (that's how it works on most *nix
operating systems anyway from what i've been told).

your mileage may vary.....

w

-- 
GPG Public Key:
http://infinitejazz.net/will/pgp/
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp


MetaPack
The Lightwell 
12/16 Laystall Street 
Clerkenwell 
London EC1R 4PF 
Tel: +44 (0) 20 7843 6720 
Fax: +44 (0) 20 7843 6721
--------------------------------------------------------------------------
This email is confidential and proprietary; 
all information contained in it must be used only by the addressee in
accordance with MetaPack's terms of business and non-disclosure agreement. 
Disclosure, copying, and distribution to, or use by, anyone other than the
intended recipient is strictly prohibited and may be unlawful.



More information about the SunHELP mailing list