There are at least 2 reasons I can think of why I don't like to go this route and why I can't do it: 1) I don't like to change permissions of 3rd party products 2) And sometimes you can't do it. E.g Oracle's utility "sqlplus" needs to be executed by the application developers but you want to prevent them from su-ing to dba. And in addition you can't change the group ownership of sqlplus. On Sat, 27 Jan 2001, Wil Cooley wrote: > On Sat, Jan 27, 2001 at 11:16:57PM -0500, Werner wrote: > > > > Hi, > > > > I can use the wheel module to prevent users from su-ing to root. > > But how can I prevent users from su-ing to non-root accounts > > like to a Linux database account. > > > > Take the world-execute bit off, and make sure it's has group 'wheel', > so your admins can still exec it. > > Wil >
