Thanks for the answer, but... I found a bit difficult to understand the file... could u give me some hints on how to configure it?? I leave the output: [root@vmrhel4 ~]# cat /etc/pam.d/su #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/$ISA/pam_wheel.so use_uid auth required /lib/security/$ISA/pam_stack.so service=system-auth account sufficient /lib/security/$ISA/pam_succeed_if.so uid = 0 use_uid quiet account required /lib/security/$ISA/pam_stack.so service=system-auth password required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so close must be first session rule session required /lib/security/$ISA/pam_selinux.so close session required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so open and pam_xauth must be last two session rules session required /lib/security/$ISA/pam_selinux.so open session optional /lib/security/$ISA/pam_xauth.so > From: daniel.carrillo@xxxxxxxxx > Date: Thu, 4 Jun 2009 13:00:03 +0200 > To: redhat-list@xxxxxxxxxx > Subject: Re: deny su - root > > 2009/6/4 Matias Nicolas <matiasnicolas@xxxxxxxxxx>: > > > > hello everybody. I wannna know something... I want to deny the su - root to the users in the system. i don't know how to do that... does somebody know how to do that?? > > > > > > > > Ex: I got 5 users (user1 user2 user3 user4 mine) I dont want them to do su - root. Let's let user2 do su - root And I (the administrator) want to login as root when i get the "login as:" prompt. Is there any possibility to do that?? > > You can edit /etc/pam.d/su and follow the instructions from commented lines. > > Basically, you can restrict use of su, to the users in group wheel. > > BR. > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list _________________________________________________________________ Show them the way! Add maps and directions to your party invites. http://www.microsoft.com/windows/windowslive/products/events.aspx-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list
