SUMMARY: restricting su to root

From: SYSTEM SUPPORT (SYSTEM_DJ@unode2.nswc.navy.mil)
Date: Thu Aug 03 1995 - 08:50:00 CDT


Date sent: 3-AUG-1995 08:48:02

The following is a response from Martin Williams regarding my question on
restricting su to root access to certain users. This and one other response
that I received said pretty much the same thing. There is no way to restrict
who can su to root.

Thanks for all of your responses!

************************************************************************
** Debbie Jordan **
** UNIX Systems/Network Administrator/Systems Programmer **
** Advance, Inc. (Naval Surface Warfare Center - Dahlgren Division) **
** P.O. Box 1870 **
** Dahlgren, VA 22448 **
** Internet: djordan@relay.nswc.navy.mil **
** Office: (540) 653-8705 **
** Fax: (540) 653-1810 **
************************************************************************

>
>Hi Debbie,
>Unfortunately...from Sun SRDB # 6065:
>
>
>SYNOPSIS: cannot prevent users from su to root in Solaris 2.x
>
>DETAIL DESCRIPTION:
>
>
>In SunOS 4.x, a system administrator was able to limit the ability to su to
>root. This was accomplished adding users to the wheel group in the /etc/group
>file. Only users in the wheel group could su to root. If there are no users
>in the wheel group, then any user may su to root if they know the password.
>
>In SunOS 5.x, this is no longer the case. There is no wheel group.
>
>
>
>SOLUTION SUMMARY:
>
>
>There is no way to restrict users from su'ing to root in Solaris 2.x
>(SunOS 5.x).
>
>Sorry to be the bearer of bad tidings, it seems like a bit of a backward step to me.
>Cheers
>Martin
>--------------------------------------------------------------------------------
>Martin J.G. Williams Email: Martin.Williams@research.natpower.co.uk
>UNIX Support Group Tel: +44 (0)1793 896177
>The Electron Building
>National Power Plc.
>Windmill Hill Business Park, Whitehill Way, Swindon, Wiltshire, SN5 6PB
>--------------------------------------------------------------------------------
>"Captain, whilst you make an excellent Starship Commander, your abilities
>as a taxi driver leave much to be desired." - Spock - A Piece of the Action
>--------------------------------------------------------------------------------
>#include "std_disclaimer.h"
>
>
>>
>> Date sent: 2-AUG-1995 10:33:45
>>
>> Hello Solaris gurus!!
>>
>>
>> Could someone tell me how to control "su" to root access to certain
>> individuals. I am running Solaris 2.3 and Solaris 2.4. I have been told that
>> the "wheel" group no longer exists in Solaris 2.3 or 2.4. This was the method
>> we used while using SunOS 4.1.3. Again, I want to be able to restrict who can
>> "su" to root.
>>



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:30 CDT