11-04-2001
Hi xyyz,
You could lock down the actual binary and only give execute permissions to what ever group you want. For example, below you said you have a sysadmin group. You could do this to su:
chown root:sysadmin su
chmod 550 su
I don't know what side effects there could be from doing this as I haven't tried it. Default perms on my box are -r-sr-xr-x, which kind of implies that there may be a reason everyone has execute by default.
If that doesn't work for you there is always pam or sudo.
TioTony
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi,
When typing the command ps -fe.the system is showing a process called SYSCON:confused:....
I am not sure what process is that.I hava a script that kills all command staring with 'sys' but i don't want to kill syscon:( since i think it is some system process:confused:
.Please help me to find... (1 Reply)
Discussion started by: kiranjose85
1 Replies
2. UNIX for Dummies Questions & Answers
Hello,
I am new to this forums and this is my first "asking help" message!
i have 2 problems:
1- for unknown reasons the "source" command is not avalable in my system (UBUNTU). i can't either see it in my bin directory!
2- again for unknown reasons the "login.cl" file in the home... (0 Replies)
Discussion started by: astrosona
0 Replies
3. UNIX for Dummies Questions & Answers
Hi!!..
I would like to know what is maximum character size for a command in the "sh" or "bourne" shell?
Thanks in advance..
Roshan. (1 Reply)
Discussion started by: Roshan1286
1 Replies
4. UNIX for Advanced & Expert Users
Hi!!..
I would like to know what is maximum character size for a command in the "sh" or "bourne" shell?
Thanks in advance..
Roshan. (1 Reply)
Discussion started by: Roshan1286
1 Replies
5. Shell Programming and Scripting
Hi!!..
I would like to know what is maximum character size for a command in the "sh" or "bourne" shell?
Thanks in advance..
Roshan. (1 Reply)
Discussion started by: Roshan1286
1 Replies
6. UNIX for Dummies Questions & Answers
Hi:
How can I remove my own post?
Thanks. (2 Replies)
Discussion started by: phil518
2 Replies
7. Shell Programming and Scripting
Hi,
I have line in input file as below:
3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL
My expected output for line in the file must be :
"1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL"
Can someone... (7 Replies)
Discussion started by: shis100
7 Replies
8. UNIX for Dummies Questions & Answers
I am trying to find lines in a text file larger than 3 Gb that start with a given string. My command looks like this:
$ look "string" "/home/patrick/filename.txt"
However, this gives me the following message:
"look: /home/patrick/filename.txt: File too large"
So, I have two... (14 Replies)
Discussion started by: shishong
14 Replies
9. UNIX for Dummies Questions & Answers
How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address
and column 3 contains “cc” e-mail address to include with same email.
Sample input file, email.txt
Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies
10. Shell Programming and Scripting
Hello.
System : opensuse leap 42.3
I have a bash script that build a text file.
I would like the last command doing :
print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt
where :
print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies
LEARN ABOUT DEBIAN
pam_group
PAM_GROUP(8) Linux-PAM Manual PAM_GROUP(8)
NAME
pam_group - PAM module for group access
SYNOPSIS
pam_group.so
DESCRIPTION
The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the
authentication module) to the user. Such memberships are based on the service they are applying for.
By default rules for group memberships are taken from config file /etc/security/group.conf.
This module's usefulness relies on the file-systems accessible to the user. The point being that once granted the membership of a group,
the user may attempt to create a setgid binary with a restricted group ownership. Later, when the user is not given membership to this
group, they can recover group membership with the precompiled binary. The reason that the file-systems that the user has access to are so
significant, is the fact that when a system is mounted nosuid the user is unable to create or execute such a binary file. For this module
to provide any level of security, all file-systems that the user has write access to should be mounted nosuid.
The pam_group module functions in parallel with the /etc/group file. If the user is granted any groups based on the behavior of this
module, they are granted in addition to those entries /etc/group (or equivalent).
OPTIONS
This module does not recognise any options.
MODULE TYPES PROVIDED
Only the auth module type is provided.
RETURN VALUES
PAM_SUCCESS
group membership was granted.
PAM_ABORT
Not all relevant data could be gotten.
PAM_BUF_ERR
Memory buffer error.
PAM_CRED_ERR
Group membership was not granted.
PAM_IGNORE
pam_sm_authenticate was called which does nothing.
PAM_USER_UNKNOWN
The user is not known to the system.
FILES
/etc/security/group.conf
Default configuration file
SEE ALSO
group.conf(5), pam.d(5), pam(7).
AUTHORS
pam_group was written by Andrew G. Morgan <morgan@kernel.org>.
Linux-PAM Manual 06/04/2011 PAM_GROUP(8)