07-25-2012
I would disable users who are not in wheel from using su and this would atleast force a user to sudo with their username.
Depending on your distro you need to look into something along the lines of pam.d/su and changing it to only accept wheel membership to allow su access.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
folks;
I just did setup sudo on Solaris 10 through "sudoer" file.
Now, i try to look at the log files to see any user activities under /var/log/syslog & all i see if someone try to run "sudo -u root tcsh" & got an error or was successful. But i don't see any activities, for example:
if a user... (0 Replies)
Discussion started by: Katkota
0 Replies
2. UNIX for Dummies Questions & Answers
Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks!
When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error:
exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies
3. Cybersecurity
we are looking at changing the way we get root on our network.
in our current system if an admin needs root access he just gets the root password and uses an su.
some of our staff have decided that a sudo to "/bin/sh" will be easer.
some of our staff think a sudo to "su -" will be better.
I... (0 Replies)
Discussion started by: robsonde
0 Replies
4. AIX
Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run?
sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies
5. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
6. Shell Programming and Scripting
Hi All,
I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing
"sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies
7. Shell Programming and Scripting
Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error.
Command:
sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh
Error:
sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies
8. UNIX for Dummies Questions & Answers
hi,
i have installed sudo now want to create sudo log file to capture every sudo event like "if any user does sudo and then runs a command line, this all must be captured who did what" kindly assist
plantform:- linux RHEL, soalris 10 (1 Reply)
Discussion started by: firozk679
1 Replies
9. Shell Programming and Scripting
It is crazy when you just entered a command example sudo or su or even ps. It will flood your /var/log/messages. Please see duplicate entries except for the pid. At 1 specific time.
Thanks
$ cat b
Jan 13 17:09:05 SERVER1 bash: user1 as root:
Jan 13 17:09:05 SERVER1 bash: user1 as root:
Jan... (3 Replies)
Discussion started by: invinzin21
3 Replies
LEARN ABOUT MOJAVE
pam_group
pam_group(8) BSD System Manager's Manual pam_group(8)
NAME
pam_group -- Group PAM module
SYNOPSIS
[service-name] function-class control-flag pam_group [options]
DESCRIPTION
The Group PAM module supports the account management function class. In terms of the function-class parameter, this is the ``account''
class.
The Group account management module permits or denies users based on their membership to a particular group (or groups) specified with the
group option. If no groups are specified the default group (``wheel'') will be used.
The following options may be passed to this account management module:
deny Reverse the meaning of the test, i.e., reject the applicant if and only if he or she is a member of the specified group. This
can be useful to exclude certain groups of users from certain services.
fail_safe If the specified group does not exist, or has no members, act as if it does exist and the applicant is a member.
group=groupname
Specify the name of the group to check. This can be a comma-separated list (i.e. ``group=admin,wheel'').
root_only Skip this module entirely if the target account is not the superuser account.
ruser Check the membership of the applicant (PAM_RUSER), rather than the target account (PAM_USER)
SEE ALSO
pam_get_item(3), pam.conf(5), pam(8), DirectoryService(8)
AUTHORS
The pam_group module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division
of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.
BSD
February 7, 2009 BSD