[prev in list] [next in list] [prev in thread] [next in thread] 

List:       aix-l
Subject:    Re: locking who can use the su command down
From:       James Cizek <jcizek () YUMA ! ACNS ! COLOSTATE ! EDU>
Date:       2009-07-22 21:52:44
Message-ID: 200907222152.n6MLqiq893010 () yuma ! acns ! colostate ! edu
[Download RAW message or body]

  This was exactly what I was looking for.  Many thanks to all who answered,
  and to Edward for help with my solution!  -James


> 
> James,
> 
> In the "root" stanza of "/etc/security/user", add lines for "su = true" and \
> "sugroups = comma,separate,list,of,groups" 
> This will allow only users in those groups to use /usr/bin/su to switch user to \
> root.  I believe this can be done using the chuser command, since it is safer to \
> edit this file by "ch" commands rather than with vi. 
> 
> Edward Davignon
> Lead Analyst - Distributed Systems Unix
> Utility Shared Services - IT
> Energy East Corporation
> 
> 
> -----Original Message-----
> From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of James Cizek
> Sent: Monday, July 20, 2009 4:16 PM
> To: aix-l@Princeton.EDU
> Subject: locking who can use the su command down
> 
> This may seem like a very simple question and maybe I am missing something...
> I'd like to (by default)  not allow users on my AIX 5.3 box the ability
> to "su" to root.  There are only about 6 accounts that I care to allow
> a root su to... Is it possible to discriminate between letting some user
> account su up to root and not others?  Many thanks in advance!!
> 
> James Cizek					     (970)491-7432
> System Administrator				 FAX (970)491-1958
> Colorado State University	               james@ColoState.EDU
> Academic Computing and Networking Services
> Fort Collins, CO 80523
> 
> 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]