HomeTechnologyLinux

How to limit access to su command in Linux

If you have added Linux to the data center or are just using a single Linux machine for your business, you need to make sure it is as secure as possible. Of course, everyone thinks that Linux is one of the safest platforms on the planet. Although this may be true, you can still do many things to further improve the security of the Linux computer you are using.

One trick is to restrict access to su command. By using the su command, the user can change from one user account to another (if there is a password of that user account). Suppose you have some users in the admin group that have full access to certain folders (may contain sensitive data) and you do not want users who are not in the group to switch to user accounts. Other (using the su command), and then get access to that sensitive information.

This trick can be done on any Linux distribution. For example today will use Ubuntu Server. The article will create a new group, add users to that group and then restrict access to the su command for this group.

But how to limit access to su command? This is actually quite easy. Let's find out later!

Create a group

First, we will create a new group on the server (or desktop). To do this, open a terminal window and enter the command:

 sudo groupadd admin

You now have a new group added to the system. If you find that the admin group already exists, you may have to create a group with a different name.

Add users to the new group

Suppose we have a user of Jack and want to add him to the new group, so that Jack has access to the su command. Please enter the following command:

 sudo usermod -a -G admin jack

When running this command, user Jack will be a member of the admin group.

Restrict access to su commands

Now, we need to allow the admin team to access the su command. Do this with a single command. Go back to the terminal window and enter the following command:

 sudo dpkg-statoverride --update --add root admin 4750 /bin/su

From the terminal window, log into Jack user account. If you try to use the su command as that user, the request will be allowed. Because Jack is a member of the admin group, has access to su command. However, if you log in as another user and try using the su command, the request will be rejected. Because only people in the admin group have access to su.

How to limit access to su command in Linux Picture 1

And that's all there is to do to restrict access to su command in Linux. Although this is not the only step you need to take to enhance the security of your Linux system, it will certainly prevent users from accessing the tool that can elevate their rights to unnecessary levels.

Hope you are succesful.

5 ★ | 1 Vote
linux

You should read it

May be interested

  • How to use ss command on LinuxHow to use ss command on Linux
    the ss command is a new alternative to the classic netstat. you can use it on linux to get data about network connections. here's how to work with this helpful tool.
  • 11 uses of ps command in Linux11 uses of ps command in Linux
    for system administrators, ps is a frequently used tool. the ps command is used to list the processes currently running on the system, with many available filtering and display modes via flags and arguments.
  • Instructions for using zforce command on LinuxInstructions for using zforce command on Linux
    the gzip command is a popular tool used to compress / decompress files in linux. tipsmake.com presents the basics of this tool in the article: some basic terminal commands in linux mint 11.
  • How to access SSH on Windows 7 using CygwinHow to access SSH on Windows 7 using Cygwin
    if you are comfortable using linux / unix and want to access ssh on a windows 7 computer, you can use cygwin. this windows linux emulator provides this functionality and gives you a familiar work environment with just a few simple steps.
  • 12 things Linux is easier to do in the command line than graphical software12 things Linux is easier to do in the command line than graphical software
    graphical user interfaces (guis) were invented to make life easier for computer users, so it's very common to use them to perform most everyday tasks.
  • 11 df commands in Linux (with example)11 df commands in Linux (with example)
    with the df command in linux, you can easily check your system for details about disk space and file size. these 12 examples of df commands will show you how to do them in detail.
  • How to use the Linux command line on Android with TermuxHow to use the Linux command line on Android with Termux
    android is a very operating system 'capacity with more and more desktop accessibility applications. however, sometimes you want to make some things on android that can be as easy as desktop. fortunately, you can use the termux tool, which builds on the existing infrastructure and provides a command line environment that allows you to install real linux applications on your android device.
  • Instructions for using find command in LinuxInstructions for using find command in Linux
    the find command is one of the most important and handy commands on a linux system. as its name suggests, the command can find files on a linux pc based on a variety of conditions and variables you set.
  • How to use the history command in LinuxHow to use the history command in Linux
    as you spend more and more time in terminal sessions, you will constantly find new commands that make everyday tasks more efficient. the gnu history command is one of them.
  • Learn about cheat.sh: A simple Terminal tool that provides a cheatsheet for any Linux commandLearn about cheat.sh: A simple Terminal tool that provides a cheatsheet for any Linux command
    use cheat.sh, a great tool that provides instant access to cheatsheets for any linux command.

Linux