1
in a linux system with
su -
any user (with root password) can get root privileges. how I can restrict to some users ?
// similar to AllowUsers in sshd_config
juanpablo
Posted 2012-04-04T14:59:18.597
Reputation: 5 216
su - for some users
Answers
7
You should not give the root password to users who do not need full root access.
Keep the root password secret and use sudo to give restricted users access to just what they need (see man sudoers for some examples)
Matteo
Posted 2012-04-04T14:59:18.597
Reputation: 6 553
3The best way to control it is not giving every user the root password. When you give them the root password, you have given up control over what they do. Anything that you do to stop them, they can undo. – EBGreen – 2012-04-04T15:12:38.100
1Yup, don't give them root password. If you want them to get restricted administrative privileges, use
sudowith explicitly allowed binaries. This is still tricky, but at least you have some possibility to actually log what they are using their root privileges for (with maaany caveats if one is not careful). The solution to your specific question is: change the root password and only tell the ones who should have root access the new password. – Daniel Andersson – 2012-04-04T15:18:07.143Why GNU su does not support the ‘wheel’ group, by RMS – user1686 – 2012-04-04T16:27:39.833