SUMMARY: restrict su to non-root users?

From: dwillard@scires.com
Date: Wed Aug 02 1995 - 00:25:55 CDT


     
Well, sort of. First my original question....
     
> Is there a way to set things up so that no one (except maybe root)
> could 'su' to a particular user? I'm aware that you can do this with root,
> i.e. set things up so that so when someone tries to su, they get a message
> like "You do not have permission to su to root." I'd like to be able to do
> this with other users...
>
> BTW, I'm (still) using SunOS 4.1.3....

Well, apparently my question wasn't clear enough, because I didn't get the
answer I was looking for. I did receive about 10 replies (+ about 3 me too's),
but most of them answered a question I didn't mean to ask. Several people told
me how to do what I mentioned above, (ie restrict who su's to root), but as I
said, I was aware of that already; I wanted to do something different....

Others mentioned various uses of chmod and chown to restrict who uses su.
Again, a legitimate solution, but not to the question I was asking...

Still others mentioned writing a script or a program to accomplish various
things. Closer to the mark, and something I may investigate when I have time,
but I was hoping for something quicker...(I'm not only the sysadmin, I'm also an
end-user...)

So, I'll try to rephrase my question in the form of an answer (or something like
that), and if anyone has a suggestion beyond what I've mentioned above, bring it
on...

First of all I do NOT want to:
1. restrict su to root (I know how to do that with the wheel group....)
2. restrict use of su (to any user, not just root) to a particular user or group
of users (Again, I know how to do this; ownership/permission changes to /bin/su
will handle it)
3. deny use of /bin/su to everyone

Ok, having said that, maybe I can get across what I _am_ trying to do....

I have created a user account that will be used for software testing. For
reasons I won't go into here, I do not want other users to su to this user.

As I tried to say originally, this is similar to the situation where you don't
want anyone to be able to su to root (which we know how to do....), except that
the user is NOT root. I was hoping there was an easy way to accomplish this,
much as is the case for root. I do NOT want to turn off su altogether, just
keep people from becoming a particular user (who isn't root).

I hope that is a little clearer. It's not the easy question everybody thought
it was the first time I asked it... Thanks anyway to those who did respond the
first time, and, should I get any more responses this time around, I'll
summarize again.

Thanks!
David Willard
dwillard@scires.com



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:30 CDT