On Sat, Sep 30, 2000 at 03:50:50PM -0500, Bret Hughes wrote:
> Thornton Prime wrote:
> > The 'wheel' group is normally the group that has root, or near root,
> > privleges. Some PAM configurations restrict su access to members of the
> > wheel group.
Uhhh... Not quite. The wheel group does not "have root, or near
root privileges". The only thing the wheel group has is the same thing
that EVERYONE has when the wheel group is not implimented. Members
of the wheel group can su to root. If the wheel groups is implimented,
people who are not a member of the wheel group have reduced privileges
(reduced by one - the ability to su to root).
Between properly using /etc/securetty to restrict remote logins
and wheel group to restrict unauthorized use of su, you can tighten
control down on who can use superuser and from where.
> Cool, Thanks. I will have to play with that and see what happens. I have
> setup sudo fo my id but that may be easier.
Sudo is another good alternative, just beware of some of the
gotcha's. If you grant someone sudo access to a single program which
has a shell escape, you might as well grant them full shell access.
> Bret
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
