How do I stop user's from "su" into accounts even if they know the password in Solaris?

Posted on 2009-12-24
Last Modified: 2013-12-21
Is there a way to stop user's from accessing account's even if they know the password's? We have user's "su" all over the place.Is there a way to prevent this with sudo, rbac or something else? If not how can I make an existing account a RBAC for group access?
Question by:Sultaana43
    LVL 40

    Accepted Solution

    you can simply remove the execute / run priv from the command su

    Author Comment

    Hi Omarfarid. Can you show me the steps? I have not worked with "SU." Thanks.
    LVL 26

    Assisted Solution

    Taking it a step further:

    You could change it's group, to one only specific bodies have access to, and then remove public execute access e.g.

    /usr/sbin/groupadd -g 123   theGods
    chgrp  theGods /usr/bin/su  /sbin/su.static
    chmod a-x        /usr/bin/su   /sbin/su.static

    You could also grant access via /etc/sudoer or an Solaris RBAC role.
    LVL 40

    Assisted Solution

    I think you could revoke the execute perm for others by running

    chmod o=0 /usr/bin/su

    I would not change the group ownership or priv. since it could impact system users

    Author Comment

    Hi Guys. How do I change the gid back to root's? No one can su to root.

    ls -l /usr/bin/su
    -rwxr-x---   1 root     testgrp    25728 Feb 12  2009 /usr/bin/su
    LVL 40

    Expert Comment


    chgrp root /usr/bin/su

    Author Comment

    Thanks so much!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    Video by: Phil
    This video goes over how to configure and start a jail in FreeBSD.  This video is meant to supplement the article included with this course.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now