[TriLUG] Limiting su access to specific users

H. Wade Minter minter at lunenburg.org
Thu Jan 3 10:16:22 EST 2002


On Thu, 3 Jan 2002, Jon Carnes wrote:

> Want to be able to control who uses su? It's quite easy.
> Open up su...usually /etc/pam.d/su
> Add or uncomment the line (as root)
> auth required /lib/security/pam_wheel.so use_uid
> (Mandrake 8.1 it is already there. All you have to do is uncomment it)
> And thats it.
> Make all users that you want to have su privledges, belong to the group
> wheel.
>
> When a user who does not belong to the wheel group, tries to su, he will
> get a password incorrect message. Neat eh?

On top of that, you can also use "sudo" to give people or groups of people
access to only certain commands as root, but not the rest.  Useful if you
have people who need root-level access to do things (like restarting
servers or whatnot), but you don't want to give them full root access.

--Wade




More information about the TriLUG mailing list