View Single Post
  #3   (View Single Post)  
Old 22nd November 2008
lvlamb's Avatar
lvlamb lvlamb is offline
Real Name: Louis V. Lambrecht
Spam Deminer
 
Join Date: May 2008
Location: .be
Posts: 221
Default

You can prevent *anybody* to su to root.
As the admin, you would create an user for yourself and add yourself to the wheel group (and removed unwanted users).


Quote:
If group 0 (normally ``wheel'') has users listed then only those users
can su to ``root''. It is not sufficient to change a user's /etc/passwd
entry to add them to the ``wheel'' group; they must explicitly be listed
in /etc/group. If no one is in the ``wheel'' group, it is ignored, and
anyone who knows the root password is permitted to su to ``root''.
You would use sudo as it can be fine-tuned (20 pages man page) but the OpenBSD defaut /etc/sudoers is OK for most workstations: just visudo and un-comment what is needed.

Also note the difference between;
su
and su -l root
which simulates a full login.
You can achieve this for sudo but need to rtfm.
__________________
da more I know I know I know nuttin'
Reply With Quote