Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: users cannot switch with "su" to another users
Operating Systems Linux Red Hat users cannot switch with "su" to another users Post 302707419 by jim mcnamara on Friday 28th of September 2012 02:09:20 PM
Old 09-28-2012
Have you tried using sudo (controlled by /etc/sudoers)? This provides fine-grained control.

However, what happens if a user in group "foo" then su - john, and john is in the wheel group?

In general, allowing lots of people the ability to su is a big security problem.
Last edited by rbatte1; 11-28-2016 at 11:34 AM..
 

6 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Want to create new users without using "useradd" command and user Interaction.

Don't want to use useradd command to create a new user I am doing manual addition of accounts. Actually I am writing a script and I am working on RedHat7.1 system. What I am trying to do is run the script and pass all the values of the username password and group as command line parameters. Now... (2 Replies)
Discussion started by: syedifti
2 Replies

2. UNIX for Dummies Questions & Answers

Limit "exploring" from users/groups

I have a unix box which runs as a webserver and ftp server. I have a user account for a friend and while I trust him, I noticed that he can view directories above his own "web" folder which is his default directory. I'm still trying to understand users/groups and privileges so bear with me if... (2 Replies)
Discussion started by: creyc
2 Replies

3. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone... (7 Replies)
Discussion started by: shis100
7 Replies

4. HP-UX

"Synchronize" users/groups

Hello! I'm hoping for a bit of advice on this...we have a need to synchronize users/groups between a couple servers in widely separated locations (our main DC and a disaster-recovery DC). This only has to happen, at this stage, with one server in each location, and the synchronization only has... (5 Replies)
Discussion started by: KickstartUF
5 Replies

5. Solaris

SMC "Users" error

I get the following error on an Oracle T3 trying to use SMC. I launch SMC but when I try to use the "Users" function I get the following error: The "Users" application is not able to connect to the server. Reason:VER_ERROR. Verify the server is running. I have verified and restarted the server... (0 Replies)
Discussion started by: hydrashok158
0 Replies

6. Shell Programming and Scripting

Bash script - Print an ascii file using specific font "Latin Modern Mono 12" "regular" "9"

Hello. System : opensuse leap 42.3 I have a bash script that build a text file. I would like the last command doing : print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt where : print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies

LEARN ABOUT MOJAVE

gshadow

GSHADOW(5)						   File Formats and Conversions 						GSHADOW(5)

NAME

       gshadow - shadowed group file

DESCRIPTION

       /etc/gshadow contains the shadowed information for group accounts.

       This file must not be readable by regular users if password security is to be maintained.

       Each line of this file contains the following colon-separated fields:

       group name
	   It must be a valid group name, which exist on the system.

       encrypted password
	   Refer to crypt(3) for details on how this string is interpreted.

	   If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, users will not be able to use a
	   unix password to access the group (but group members do not need the password).

	   The password is used when a user who is not a member of the group wants to gain the permissions of this group (see newgrp(1)).

	   This field may be empty, in which case only the group members can gain the group permissions.

	   A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line
	   represent the password field before the password was locked.

	   This password supersedes any password specified in /etc/group.

       administrators
	   It must be a comma-separated list of user names.

	   Administrators can change the password or the members of the group.

	   Administrators also have the same permissions as the members (see below).

       members
	   It must be a comma-separated list of user names.

	   Members can access the group without being prompted for a password.

	   You should use the same list of users as in /etc/group.

FILES

       /etc/group
	   Group account information.

       /etc/gshadow
	   Secure group account information.

SEE ALSO

       gpasswd(5), group(5), grpck(8), grpconv(8), newgrp(1).

shadow-utils 4.5						    01/25/2018								GSHADOW(5)
All times are GMT -4. The time now is 01:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy