On Thursday 15 April 2004 14:09, Daniel J Walsh wrote: > Nic¤ wrote: > >Hi all. > > > >Is there a way to easily configure the policy to allow > >an unprivileged user to execute the su command. > > > >By default, this is not allowed ! > > By default it is allowed, there is a tunable to turn this off, but a > normal user should be able to su. Mmmm .. I wonder if it can be fine tuned enough so that a user could su to another regular user but not root or any user with sysadm_r capability? At the same time, a user with a sysadm_r capability could su to anyone. That might be an interesting capability to have. Gene
