On Thu, Mar 28, 2002 at 04:35:21PM -0800, Petro wrote: > On Thu, Mar 28, 2002 at 11:01:23AM -0800, James Bagley Jr wrote: > > Hey all, > > > > I have users that need root access to their workstations. Reading the pam > > documentation for the pam_wheel module it sounds like I can allow them to > > 'su -' without entering a password. This is ideal because I don't want to > > give them that root password, i'd rather keep that to myself. Problem is, > > it doesn't work. I'm using red hat 7.2. Here is the contents of > > /etc/pam.d/su: > > Sudo is a much better tool for this. > > However, if they have root access (which su - is), they can simply > change the root password. not to mention if they really want to find out what the root password is they can simply trojan su, login or anything else to log everything. > Sudo, properly configured can help to solve that problem. true, but its quite difficult, especially if you need to grant somewhat liberal root access. it sounds to me like managment has demanded the ability to get a root shell with no fuss, under these circumstances all is lost anyway and you may as well give them the root password, or just throw in the towel and run chmod -R 6777 / to give them what they really want (Windows emulation). -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp00042.pgp
Description: PGP signature
