You are not logged in.
It's difficult to solve
Well, I need do allow access to one, only one, user on ssh,
but I need to block 'su' from this user to root, but allow 'su' from this user to other users (the ssh-user will be able to su into other users, but no root)
Example: I access the machine with the 'guestssh' user, and give the 'su', 'su -' or 'su root' command, it should not allow the change (giving the wrong password output or something like that), but if I give the 'su marcos' (that is on the wheel group), it should allow the user change from guestssh to marcos.
The /etc/suauth file do not apply the root:ALL EXCEPT GROUP wheel:DENY restriction
How can I make this work? I can't just apply the restrictions on the wheel group because it would not allow any other 'su' operations (such 'su marcos').
Last edited by marcosmiklos (2008-08-09 06:46:39)
Offline
It seems like a lot of people are having the same problem, so I'll post the solution here.
Add the following line after the commented out lines in the /etc/pam.d/su file.
#only permit root access to members of group wheel
auth required pam_wheel.so root_only use_uid
For more information: http://www.kernel.org/pub/linux/libs/pa … wheel.html
Last edited by marcosmiklos (2008-08-09 07:19:20)
Offline