1
in a linux system with
su -
any user (with root password) can get root privileges. how I can restrict to some users ?
// similar to AllowUsers
in sshd_config
1
in a linux system with
su -
any user (with root password) can get root privileges. how I can restrict to some users ?
// similar to AllowUsers
in sshd_config
7
You should not give the root password to users who do not need full root access.
Keep the root password secret and use sudo
to give restricted users access to just what they need (see man sudoers
for some examples)
3The best way to control it is not giving every user the root password. When you give them the root password, you have given up control over what they do. Anything that you do to stop them, they can undo. – EBGreen – 2012-04-04T15:12:38.100
1Yup, don't give them root password. If you want them to get restricted administrative privileges, use
sudo
with explicitly allowed binaries. This is still tricky, but at least you have some possibility to actually log what they are using their root privileges for (with maaany caveats if one is not careful). The solution to your specific question is: change the root password and only tell the ones who should have root access the new password. – Daniel Andersson – 2012-04-04T15:18:07.143Why GNU su does not support the ‘wheel’ group, by RMS – user1686 – 2012-04-04T16:27:39.833