Disallow SuToRoot on Debian

From wiki.welmers.net

Jump to: navigation, search

For several reasons it should be nice if only a few users on your system can su to root, i.e. only the administrator accounts. This is default on BSD systems, but not on Debian. For Debian do the following:

  • Create group wheel
  • Add administrator users to it
  • Edit /etc/pam.d/su
  • Add the following somewhere in this file: 
auth       required   pam_wheel.so group=wheel

After this, only users in the group wheel can su to root.

Be carefull to first add yourself to the wheel group before adding this rule to pam.d/su ! Else you won't be able to become root anymore.

Retrieved from "http://wiki.welmers.net/en/Disallow_SuToRoot_on_Debian"
Personal tools