Regular user doing su

Question

I'm using Ubuntu server 12.04. If a user is only a member of it's own group why he can still do su SOME_OTHER_USER ? Can I prevent this?

So.. they know the other user's password? – Shane Madden Aug 25 '12 at 22:03 — Shane Madden, Aug 25 '12 at 22:03

score 1 · Answer 1 · answered Aug 24 '12 at 11:19

If you don't want the a user can execute "su" you can set the owner of it to "root" and the chmod to 700. Than only root can execute it.

If you want users of a special group to execute "su" you can set the group of it to - lets say - "wheel". And the chmod to 770. And put all users that have to execute "su" into the wheel group.

score 1 · Accepted Answer · answered Aug 24 '12 at 11:51

1

I found a solution that I like a lot:

sudo groupadd nosu
sudo usermod -a -G nosu USERNAME
sudo vi /etc/pam.d/su
uncomment line:

auth required pam_wheel.so deny group=nosu

answered Aug 24 '12 at 11:51

Kovica

113
2

score 0 · Answer 3 · answered Aug 24 '12 at 11:18

0

I can think of two obvious explanations:

User still retains a login that was created before the user was removed from a group giving privilege
User is explicitly listed i /etc/sudoers

answered Aug 24 '12 at 11:18

Bittrance

3,070
3
24
27

1.) The user is no longer logged in. 2.) User is not in sudoers file – Kovica Aug 24 '12 at 11:48

Regular user doing su

3 Answers3