su: blacklist users

[Tim Wunder]

On Friday 26 May 2006 11:36 am, Net Llama! wrote:
> On Fri, 26 May 2006, Dominic Lepiane wrote:
> > On May 25, 2006 09:04 pm, Man-wai CHANG wrote:
> > > > So far as I know, the best way to control access to who has access to
> > > > super-user privileges is with "sudo".  My understanding is that what
> > > > sudo is for.
> > >
> > > sudo is no replacement for su. It's not convenient if you have lots of
> > > commands to run.
> >
> > $ sudo su
> > # uname
> > # cd
> > # ls
> > # ^D
> > $
> >
> > ?
> >
> > Do not be under the misaprehension that sudo limits the commands a user
> > can run as the super-user.  It grants super-user access.  That's what it
> > does and
>
> Because it does.  sudo can be configured to restrict the commands that a
> user can run.  Just because your system hasn't been restricted in that
> fashion doesn't mean its not possible.

Indeed. There are things I've let myself do via sudo that require me to enter 
my password (sudo vi, for example). Other things I can just do, without 
password (sudo yum update, for example). And still other things I need to 
su - to do.

I cannot sudo su on my system. 

sudo can largely be configured to be as restrictive, or unrestrictive as you 
want. 'man sudoers'

Tim
-- 
Fedora Core release 4 (Stentz), Linux 2.6.16-tim
KDE: 3.5.2-7.0.fc4.kde, xorg-x11-6.8.2-37.FC4.49.2.1
 11:40:04 up 20:33,  0 users,  load average: 2.02, 2.11, 1.82
MP3/OGG archive Total playlength : 8 days, 0 hours, 46 mins 24 seconds
"It's what you learn after you know it all that counts" John Wooden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://mail.linux-sxs.org/pipermail/linux-users/attachments/20060526/ca4bdb01/attachment.pgp