HomeTechnologyLinuxHow to limit access to su command in Linux

How to limit access to su command in Linux

If you have added Linux to the data center or are just using a single Linux machine for your business, you need to make sure it is as secure as possible. Of course, everyone thinks that Linux is one of the safest platforms on the planet. Although this may be true, you can still do many things to further improve the security of the Linux computer you are using.

One trick is to restrict access to su command. By using the su command, the user can change from one user account to another (if there is a password of that user account). Suppose you have some users in the admin group that have full access to certain folders (may contain sensitive data) and you do not want users who are not in the group to switch to user accounts. Other (using the su command), and then get access to that sensitive information.

This trick can be done on any Linux distribution. For example today will use Ubuntu Server. The article will create a new group, add users to that group and then restrict access to the su command for this group.

But how to limit access to su command? This is actually quite easy. Let's find out later!

Create a group

First, we will create a new group on the server (or desktop). To do this, open a terminal window and enter the command:

 sudo groupadd admin

You now have a new group added to the system. If you find that the admin group already exists, you may have to create a group with a different name.

Add users to the new group

Suppose we have a user of Jack and want to add him to the new group, so that Jack has access to the su command. Please enter the following command:

 sudo usermod -a -G admin jack

When running this command, user Jack will be a member of the admin group.

Restrict access to su commands

Now, we need to allow the admin team to access the su command. Do this with a single command. Go back to the terminal window and enter the following command:

 sudo dpkg-statoverride --update --add root admin 4750 /bin/su

From the terminal window, log into Jack user account. If you try to use the su command as that user, the request will be allowed. Because Jack is a member of the admin group, has access to su command. However, if you log in as another user and try using the su command, the request will be rejected. Because only people in the admin group have access to su.

How to limit access to su command in Linux Picture 1

And that's all there is to do to restrict access to su command in Linux. Although this is not the only step you need to take to enhance the security of your Linux system, it will certainly prevent users from accessing the tool that can elevate their rights to unnecessary levels.

Hope you are succesful.

5 ★ | 1 Vote
linux

You should read it

May be interested

  • How to change the encryption password LUKSPhoto of How to change the encryption password LUKS
    it's great if you've decided to protect your data with luks. but you need to change if you have chosen an inappropriate passphrase. fortunately, unlike many encryption solutions, luks allows to change passphrases quite easily.
  • How to install Pip in UbuntuPhoto of How to install Pip in Ubuntu
    linux has a lot of package managers. ubuntu not only has apt but also many programming languages ​​that come with its own package manager. pip stands for python packages packages and allows you to easily install packages from python package index (pypi).
  • How to configure static IP addresses on LinuxPhoto of How to configure static IP addresses on Linux
    when you need a linux system with a static ip address instead of a dynamically set address by dhcp, all you need to do is make some configuration changes and reboot the system. follow these steps to make the conversion.
  • 7 best antivirus programs for UbuntuPhoto of 7 best antivirus programs for Ubuntu
    viruses can still be spread, especially if you have a samba server (to share windows files on linux) or external devices often interact with both linux and windows.
  • How to check for simple Linux server performancePhoto of How to check for simple Linux server performance
    there are many options for virtual private servers or professional servers in the market, so how do i know which server is the best and suitable for me?
  • Check the current user on LinuxPhoto of Check the current user on Linux
    in linux, you can perform simple tasks such as checking the current user in many ways. this tutorial will show you how to use some of the quickest and easiest ways to check users on linux.

Linux