On Fri, 2005-12-09 at 11:59 +0500, Sergey wrote:
> Long time ago I decided to protect my system by allowing *ONLY* users in wheel
> group to su to root. This allows to protect the system. Regardless whether you
> know the root password or not - you can not su as long as system
> administrator does not put you into wheel group.
>
> As I know this is the default behaviour of FreeBSD.
>
> In redhat you do it by uncommenting line in /etc/pam.d/su
>
> # Uncomment the following line to require a user to be in the "wheel" group.
> auth required /lib/security/$ISA/pam_wheel.so use_uid
>
> This protects both su and kdesu.
>
> What do you think? This is useless - it does not protect the system at all, as
> I've thought for a long time.
>
> System-config-users utility - a little program to manage users has *NOTHING*,
> not even a little mention anywhere, that it breaks the security.
>

So, add the same line to /etc/pam.d/system-config-users

Otherwise, all you have done is to change the handling of security for the "su" executable, nothing else.

Cheers,
Ben
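
An added example, not part of the original message: since each PAM service file is its own policy, this sketch lists the services whose own file lacks an active `required`/`requisite` `pam_wheel.so` auth rule. The sample stacks are constructed, `example-tool` is a hypothetical service name, and the check assumes rules are not pulled in through `include` or `pam_stack.so`.

```python
import re
from pathlib import Path

# Constructed sample stacks, not copied from a real system. "example-tool" is a
# hypothetical service; the other two names come from the thread.
SAMPLE = {
    "su": "auth sufficient pam_rootok.so\n"
          "auth required /lib/security/$ISA/pam_wheel.so use_uid\n"
          "auth required pam_stack.so service=system-auth\n",
    "system-config-users": "auth sufficient pam_rootok.so\n"
          "# auth required /lib/security/$ISA/pam_wheel.so use_uid\n"
          "auth required pam_stack.so service=system-auth\n",
    "example-tool": "auth sufficient pam_wheel.so \\\n    trust use_uid\n"
          "auth required pam_stack.so service=system-auth\n",
}

# type, control (simple word or [bracketed] form), module path, optional args
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def active_rules(text):
    """Yield (type, control, module basename, args) for each uncommented rule."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            kind, control, module, args = m.groups()
            yield kind, control, module.rsplit("/", 1)[-1], args.split()

def enforces_wheel(text):
    """True only if a failing pam_wheel check fails the auth stack.
    Bracketed controls and included stacks are not evaluated (assumption)."""
    for kind, control, module, args in active_rules(text):
        if (kind == "auth" and module == "pam_wheel.so"
                and control in ("required", "requisite") and "deny" not in args):
            return True
    return False

def audit(services):
    """Return sorted names of services whose own file has no wheel restriction."""
    return sorted(n for n, t in services.items() if not enforces_wheel(t))

def load_pam_d(path="/etc/pam.d"):
    """Read every service file in a PAM directory into {name: text}."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(path).iterdir() if p.is_file()}

if __name__ == "__main__":
    print(audit(SAMPLE))  # on a real host: audit(load_pam_d())
```

Many services listed on a real host (login, sshd and so on) are not root-escalation paths; the output is a list to review, not a list of faults.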