su: blacklist users

David Bandel david.bandel
Thu May 25 16:39:08 PDT 2006


On 5/25/06, A. Khattri <ajai at bway.net> wrote:
> On Thu, 25 May 2006, Man-wai CHANG wrote:
>
> >
> > Is there a way to deny specified users from calling su?
> >
>
> Yeah, don't ever give out su to anyone - tell them to use sudo.


Too bad that's not always practical.  I don't have any clients that
prohibit ssh as root, but I have heard of many that do.  In that case,
a remote administrator has no choice.

Better, as in my case, I give my clients my public key and I explain
to them how to install it.  I then ssh in as root without needing to
ever know the password.  That could also work on a local box.  Those
worried about the ssh exploits (mostly dictionary attacks) can use
iptables to restrict the IP from whence these folks can connect, so
the attacks coming from Italy and Rumania would just hit a brick wall.
But good passwords work just as well.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto
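
An added example, not part of the original post: one way to express the iptables source restriction for ssh that the message describes. The script only prints the commands for review; the chain name SSH_ADMIN and the addresses are constructed placeholders, and port 22 is assumed.

```shell
#!/bin/sh
# Prints (does not run) iptables commands that limit NEW ssh connections
# to an allow-list of IPv4 sources. Review the output before applying it.

# valid_src: succeed if $1 is an IPv4 address with an optional /0-32 prefix.
valid_src() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allow_rules SRC...: emit rules for a dedicated chain (name is hypothetical).
ssh_allow_rules() {
    # An empty list would produce a chain that drops every new ssh connection.
    [ $# -gt 0 ] || { echo "refusing: empty allow-list" >&2; return 1; }
    # Validate everything first so a partial rule set is never printed.
    for src in "$@"; do
        valid_src "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N SSH_ADMIN"
    for src in "$@"; do
        echo "iptables -A SSH_ADMIN -s $src -j ACCEPT"
    done
    echo "iptables -A SSH_ADMIN -j DROP"
    # Only NEW connections are filtered, so an established session survives.
    echo "iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_ADMIN"
}

# Constructed sample input (documentation address ranges).
ssh_allow_rules 192.0.2.10 198.51.100.0/24
```

Apply the printed rules from a console session or with a timed rollback in place, since a wrong source address locks out remote root access.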


