Shulou(Shulou.com)06/01 Report--

This article focuses on "how to restrict access to su commands in Linux". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn how to restrict access to su commands in Linux.

This tutorial shows you simple tips for improving the security of your Linux server by restricting Linux users' access to su commands.

If you have added Linux to your data center, or if you are just using a Linux machine for your business, you need to make sure it is as secure as possible. Of course, everyone thinks that Linux is one of the most secure platforms on earth. Maybe it's really safe, but you still need to do a lot of things to further improve the security of Linux.

One trick is to restrict access to su commands. By using the su command, users can change from one user to another (if they have another user's password). Why is this important? You may have some users in the administrator group that have full access to specific directories (some of which may contain sensitive data) and do not want users who are not in that group to switch to users (by using the su command) and then gain access to that information.

This technique can be done on any Linux distribution, but I'll demonstrate it on the Ubuntu Server platform. We will create a new group, add users to the group, and then restrict access to the set of su commands.

But how do we restrict access to su commands? This is actually very simple. Let me show you.

Create a group

We will first create a new group on our server (or desktop). To do this, open the terminal window and issue the command:

Sudo groupadd admin

You have now added the new group to the system. If you find that an administrative group already exists, you may have to create a group with a different name.

Add users to the new group

Suppose we have the user linuxidc.com and we want to add him to the new group so that he can access the su command. The command for this is:

Sudo usermod-a-G admin linuxidc.com

After running the command, the user linuxidc.com becomes a member of the admin group.

Restrict su access

Now we need to allow those in the administrative group to access the su command. This can be done with a single command. Return to the terminal window and issue the following command:

Sudo dpkg-statoverride-update-add root admin 4750 / bin/su

Try it

Log in as user linuxidc.com from the terminal window. If you try to use the su command for this user, it will be allowed. Why? Because linuxidc is a member of the admin group, the admin group can access su, but if you log in as another user and try to use the su command, it will be rejected. Why? Because only members of the admin group can access su.

This is all about restricting access to su commands in Linux. While this is not the only step you need to take to enhance your Linux installation, it will certainly prevent users from accessing tools that can elevate their permissions to a level they should not have.

At this point, I believe you have a better understanding of "how to restrict access to su commands in Linux". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.