Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restricting use of su - (Solaris 11)
Operating Systems Solaris Restricting use of su - (Solaris 11) Post 303004210 by psychocandy on Thursday 28th of September 2017 04:47:21 AM
Old 09-28-2017
Restricting use of su - (Solaris 11)
OK. So I can prevent remote systems from logging in as root by uncommenting the CONSOLE entry /etc/default/login.

BUT, is there a way to stop su - (when already logged in as own user)?

The way we do it is to set up sudoers so users who need access can do sudo su -
 

10 More Discussions You Might Find Interesting

1. Cybersecurity

restricting access...

restricted access... Hi I need to restrict users shell access to only $HOME under /home for each user. I don't want them getting out of their own directories. From what I understand chroot is something I could use, but I want to avoid this since it involves creating symbolic links to a number... (9 Replies)
Discussion started by: alwayslearningunix
9 Replies

2. UNIX for Dummies Questions & Answers

Restricting access

I need to create a user that only has access to 1 directory (e.g. /vol/mita/test). The user needs to be able to rsh into that directory to run a script. The user should not be able to navigate to any other directories above /vol/mita/test. Any help would be appreciated! (4 Replies)
Discussion started by: ngagne
4 Replies

3. Solaris

restricting access

Hi All, I'm on Solaris 8, I need to provide Read-only access to a user to 2 directories only. Using rsh (restricted shell) as the user's login shell, I can restrict the user's access to a certain directory only, but how can I set in such a way that the user can access only the 2 directories... (4 Replies)
Discussion started by: max_min
4 Replies

4. Solaris

restricting access to a server

We want to secure access to a server by restricting the number of users who can login to it. Our users are NIS users. Only few of them can telnet/ssh this server. Do you have any idea on how to implement that? thanks. (1 Reply)
Discussion started by: melanie_pfefer
1 Replies

5. Linux

Restricting IPs on Linux?

I have a need to allow only certain IP addresses to access a machine running Linux. I don't know how would i do it, not an expert at CMD? Thanks in advance for your help. (2 Replies)
Discussion started by: waqaslone
2 Replies

6. UNIX for Dummies Questions & Answers

Restricting SSH usage

Hello, For one of our servers, we have had people trying to illegally loggon using the ssh service. My manager has asked me to restrict ssh access to users in our internal network but close ssh access to the "outside" world. Could someone at the very least point me to some resources on the... (7 Replies)
Discussion started by: mojoman
7 Replies

7. UNIX for Advanced & Expert Users

Restricting access to code

Hi All, I am facing a problem, regarding code security on a server. We have configured a server which contains our code (ear present in jboss/server/xyz/deploy) in it, and need to bind the code to the server itself so that no one can take the code out of the. the problem is that the password of... (3 Replies)
Discussion started by: akshay61286
3 Replies

8. UNIX for Dummies Questions & Answers

Restricting SFTP access

Hello, I am using MySecureShell to chroot all sftp accesses. The problem that I have is that my boss does not want root to be able to use sftp. Root should still be able to ssh. Any ideas? (2 Replies)
Discussion started by: mojoman
2 Replies

9. Shell Programming and Scripting

restricting users

how can i make my users to not use particular commands in the network like:wall....... pl z help me regarding this (1 Reply)
Discussion started by: yashwanthguru
1 Replies

10. UNIX for Dummies Questions & Answers

Restricting File List while doing ls

Is there any best way to restrict some of the listed files when you do ls. In the output i am doing grep -v wanted to see if i can use a better command to get this output. Command: > ls -lrt wf_Load_25.log.INSTANCE_21_20072.* -rw-r--r-- 1 infrmtca infrmtca 19373 Mar 12 14:14... (1 Reply)
Discussion started by: Ariean
1 Replies

LEARN ABOUT OPENSOLARIS

ftpusers

ftpusers(4)							   File Formats 						       ftpusers(4)

NAME

       ftpusers - file listing users to be disallowed ftp login privileges

SYNOPSIS

       /etc/ftpd/ftpusers

DESCRIPTION

       The ftpusers file lists users for whom ftp login privileges are disallowed. Each ftpuser entry is a single line of the form:

	 name

       where name is the user's login name.

       The FTP Server, in.ftpd(1M), reads the ftpusers file. If the login name of the user matches one of the entries listed, it rejects the login
       attempt.

       The ftpusers file has the following default configuration entries:

	 root
	 daemon
	 bin
	 sys
	 adm
	 lp
	 uccp
	 nuucp
	 smmsp
	 listen
	 nobody
	 noaccess
	 nobody4

       These entries match the default instantiated entries from passwd(4). The list of default entries typically contains the superuser root  and
       other administrative and system application identities.

       The  root entry is included in the ftpusers file as a security measure since the default policy is to disallow remote logins for this iden-
       tity. This policy is also set in the default value of the CONSOLE entry in the /etc/default/login file. See login(1).  If  you  allow  root
       login  privileges  by  deleting the root entry in ftpusers, you should also modify the security policy in /etc/default/login to reflect the
       site security policy for remote login access by root.

       Other default entries are administrative identities that are typically assumed by system applications but never used for  local	or  remote
       login,  for  example sys and nobody. Since these entries do not have a valid password field instantiated in shadow(4), no login can be per-
       formed.

       If a site adds similar administrative or system application identities in passwd(4) and shadow(4), for example, majordomo, the site  should
       consider including them in the ftpusers file for a consistent security policy.

       Lines that begin with # are treated as comment lines and are ignored.

FILES

       /etc/ftpd/ftpusers    A file that lists users for whom ftp login privileges are disallowed.

       /etc/ftpusers	     See /etc/ftpd/ftpusers. This file is deprecated, although its use is still supported.

       /etc/default/login

       /etc/passwd	     password file

       /etc/shadow	     shadow password file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWftpr			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |See below.		   |
       +-----------------------------+-----------------------------+

       The interface stability for /etc/ftpd/ftpusers is Volatile. The interface stability for /etc/ftpusers is (Obsolete).

SEE ALSO

       login(1), in.ftpd(1M), ftpaccess(4), ftphosts(4), passwd(4), shadow(4), attributes(5), environ(5)

SunOS 5.11							    1 May 2003							       ftpusers(4)
All times are GMT -4. The time now is 05:10 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy