disable su Post: 302076621

Sponsored Content

Top Forums UNIX for Dummies Questions & Answers disable su Post 302076621 by hegemaro on Wednesday 14th of June 2006 03:26:21 PM

06-14-2006

Registered User

You can simply removed the execute attribute from su preventing anyone from running it. However, may I suggest limiting it usage?

For example, on my Solaris 8 servers, all system administrators have a primary group of sysadmin (gid 14). The permissions of su have been changed such that only members of that group can execute su. Historically, the wheel account has been used to limit su(1M) access but the sysadmin group is not used by any other Solaris package. It also makes sense.

Code:

    # cd /usr/bin
    # ls -la su
    -r-sr-xr-x   1 root     sys        21192 Jun 15 14:42 su
    # /usr/bin/chgrp sysadmin su
    # /usr/bin/chmod 04750 su
    # ls -la su
    -rwsr-x---   1 root     sysadmin   21192 Jun 15 14:42 su
    # cd /sbin
    # ls -la su.static
    -r-xr-xr-x   1 root     sys       524372 Jun 15 14:42 su.static
    # /usr/bin/chgrp sysadmin su.static
    # /usr/bin/chmod 04750 su.static
    # ls -la su.static
    -rwsr-x---   1 root     sysadmin  524372 Jun 15 14:42 su.static

With a few customizations, I'm sure it will work for your OS as well.

hegemaro

View Public Profile for hegemaro

Find all posts by hegemaro

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Disable X

Im sure this is somthing easy to do but i just can not figure it out where and how would i take X out of the boot for hp ux 11 i looked in the man's and nothing so maybe sombody could throw me a bone... thanks BB

2. Solaris

Disable X window

I access my Sun box via ssh, and i dont need to x Window system at all, and everytime if i couldnt type user name and password fast enough its try to load the Java desktop, how can i disable X-Window login and make it stop at console login prompt ? thanks.

3. Solaris

How to disable SU right

Anyone know how to disable SU right for a particular user in Solaris 8

4. AIX

disable port

Is there a command to disable/enable a port? I want to disable a port from a script and don't want to edit the /etc/inetd /etc/services file.

5. Shell Programming and Scripting

How to disable Enable/Disable Tab Key

Hi All, I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:( Thanks, Rico

6. Solaris

Printer always disable itself

Hi, I am using solaris 10, 1 of the printers encounter some issue and it is always disable itself and dont know why? any idea how to make it auto enable back to normal? is there any configuration or scripts?? kindly advise me. thanks.

7. HP-UX

Disable Setuid in HP-UX

Hi All, How to prevent root user from doing setuid(). In otherwords, if the root(any user) is trying to do setuid in a program it should fail.

8. UNIX for Dummies Questions & Answers

How to disable X windows?

I have modified /etc/inittab file for changing default runlevel from 5 to 3 . Now i can boot in terminal mode .However if i issue init 5 i get a X window. How would i disable loading X? do i need to disable some services? P.S. What is Xvfb? How would i disable it? My Distribution Details. #...

9. Red Hat

SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?

Hi all Expertise, I have following issue to solve, SSL / TLS Renegotiation DoS (low) 222.225.12.13 Ease of Exploitation Moderate Port 443/tcp Family Miscellaneous Following is the problem description:------------------ Description The remote service encrypts traffic using TLS / SSL and...

10. UNIX for Advanced & Expert Users

Disable rm -rf * or rm -rf / in Cent OS

Can some one suggest me the way to disable " rm -rf * " or " rm -rf / " command execution permanently from the server. Any suggestion will be very much helpful .

LEARN ABOUT X11R4

gzexe

GZEXE(1)                                                      General Commands Manual                                                     GZEXE(1)

NAME

       gzexe - compress executable files in place

SYNOPSIS

       gzexe name ...

DESCRIPTION

       The  gzexe  utility  allows you to compress executables in place and have them automatically uncompress and execute when you run them (at a
       penalty in performance).  For example if you execute ``gzexe /usr/bin/gdb'' it will create the following two files:
           -rwxr-xr-x  1 root root 1026675 Jun  7 13:53 /usr/bin/gdb
           -rwxr-xr-x  1 root root 2304524 May 30 13:02 /usr/bin/gdb~
       /usr/bin/gdb~ is the original file and /usr/bin/gdb is the self-uncompressing executable file.  You can remove /usr/bin/gdb~ once  you  are
       sure that /usr/bin/gdb works properly.

       This utility is most useful on systems with very small disks.

OPTIONS

       -d     Decompress the given executables instead of compressing them.

SEE ALSO

       gzip(1), znew(1), zmore(1), zcmp(1), zforce(1)

CAVEATS

       The  compressed executable is a shell script.  This may create some security holes.  In particular, the compressed executable relies on the
       PATH environment variable to find gzip and some standard utilities (basename, chmod, ln, mkdir, mktemp, rm, sleep, and tail).

BUGS

       gzexe attempts to retain the original file attributes on the compressed executable, but you may have to fix them manually  in  some  cases,
       using chmod or chown.

                                                                                                                                          GZEXE(1)

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Disable X

Discussion started by: bbutler3295

2. Solaris

Disable X window

Discussion started by: XP_2600

3. Solaris

How to disable SU right

Discussion started by: civic2005

4. AIX

disable port

Discussion started by: daveisme