
#1 2008-08-09 04:07:02

marcosmiklos
Member
From: São Paulo - BR
Registered: 2008-07-25
Posts: 4

Conflict with suauth and pam [Solved]

It's difficult to solve :(

Well, I need to allow access to one, and only one, user on ssh,
but I need to block 'su' from this user to root, while allowing 'su' from this user to other users (the ssh user will be able to su into other users, but not root).
Example: when I access the machine with the 'guestssh' user and give the 'su', 'su -' or 'su root' command, it should not allow the change (giving the wrong password output or something like that), but if I give 'su marcos' (who is in the wheel group), it should allow the user change from guestssh to marcos.

The /etc/suauth file does not apply the root:ALL EXCEPT GROUP wheel:DENY restriction.
How can I make this work? I can't just apply the restrictions on the wheel group because it would not allow any other 'su' operations (such as 'su marcos').

Last edited by marcosmiklos (2008-08-09 06:46:39)


#2 2008-08-09 06:45:25

marcosmiklos
Member
From: São Paulo - BR
Registered: 2008-07-25
Posts: 4

Re: Conflict with suauth and pam [Solved]

It seems like a lot of people are having the same problem, so I'll post the solution here.
Add the following line after the commented out lines in the /etc/pam.d/su file.

#only permit root access to members of group wheel
auth required pam_wheel.so root_only use_uid

For more information: http://www.kernel.org/pub/linux/libs/pa … wheel.html

Last edited by marcosmiklos (2008-08-09 07:19:20)
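
Added example (not part of the original posts): a simplified Python model of how the pam_wheel line from post #2 changes what su permits, run against a constructed /etc/pam.d/su. The function names, the sample file and the assumption that pam_rootok.so sits earlier in the stack are illustrative; the deny, trust and group= options of pam_wheel are not modelled.

```python
# Constructed sample of /etc/pam.d/su after the change from post #2.
SAMPLE_PAM_SU = """\
#%PAM-1.0
auth      sufficient  pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth     sufficient  pam_wheel.so trust use_uid
#only permit root access to members of group wheel
auth required pam_wheel.so root_only use_uid
auth      required    pam_unix.so
"""


def wheel_rules(pam_text):
    """Return control flag and options of every active auth pam_wheel.so line."""
    rules = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 3 and fields[0] == "auth" and fields[2] == "pam_wheel.so":
            rules.append({"control": fields[1], "options": set(fields[3:])})
    return rules


def su_allowed(pam_text, caller, target, wheel_members):
    """Simplified model: does the pam_wheel stage let `caller` su to `target`?

    `caller` is the user running su, which is who use_uid makes the module test.
    """
    if caller == "root":
        return True  # assumption: pam_rootok.so is 'sufficient' before pam_wheel.so
    for rule in wheel_rules(pam_text):
        if rule["control"] not in ("required", "requisite"):
            continue  # only blocking control flags are modelled here
        if "root_only" in rule["options"] and target != "root":
            continue  # root_only: the wheel check is skipped for non-root targets
        if caller not in wheel_members:
            return False
    return True  # the password check by the later modules still applies


if __name__ == "__main__":
    wheel = {"marcos"}  # constructed group membership
    for caller, target in [("guestssh", "root"), ("guestssh", "marcos"), ("marcos", "root")]:
        print(caller, "->", target, su_allowed(SAMPLE_PAM_SU, caller, target, wheel))
```

Removing root_only from the sample line makes the guestssh to marcos case fail as well, which is the behaviour described in post #1.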

