If you disallow root login, you could let users log in as their regular id, then use sudo to control what root access is allowed or PAM to control who can su to what other accounts.
You can also improve this by:
1. chown root.wheel /bin/su
2. chmod 4750 /bin/su
3. Add the users who are authorized to become root to the wheel group with "gpasswd -a user wheel".
Now, only those users will have access to the "su" command. Other users may be given administrative privileges for one or more commands with the "sudo" command.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
