telnet & su

Date: Fri Feb 21 1997 - 09:08:56 CST

  Hi managers,
  original question is :
> I want to protect users from using su command that connect my machine by telnet. How can I achieve this?

  Thanks all to respond my question in a shorttime,especially;

1)change the protections from 4555 to 450
        chmod 4550 su
   put any user you want to have access to su
   into group sys
   note: this is based on solaris 2.5 group may be
      different on sunos
2)I would look into sudo as an aid here...
3)If you're in Solaris, go into /etc/default/login and uncomment the line

  # If CONSOLE is set, root can only login on that device.
  # Comment this line out to allow remote login by root.
4)The standard answer is:
  Create an 'su' group,
  assign everyone that you want to have access to that group,
  chgrp the su executable to that group,
  chmod the su executable to disable its use by 'others'.
  For the typical Solaris platform, it is:
        /usr/sbin/groupadd -g GID su
        /usr/sbin/useradd -G GID user1
        /usr/sbin/useradd -G GID user2
        /usr/bin/chgrp su /usr/bin/su
        /usr/bin/chmod o-a /usr/bin/su

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:46 CDT