Restrict ‘su’ command – SUSE

By default all user has access to command “su”. This command allows login to other user from current shell. Of course they should know target user password. The problem is you cannot have control/log of users once they switched successfully. What happens if the user by chance able to switch as root?

Desired secure method to switch across user is restrict “su” command. Enforce them to use “sudo” instead.

Read More


How to use SUDO Runas alias?

Usually SUDO used by non-superuser to run command with root privileges. But in few scenario application/commands stick with it native user. Even with root user privileges it won’t work as expected. For example to run any oracle commands you need to be oracle user.

Here consider mission critical application “xapp1” and it uses user “app1”. Allowing others to login as app1 will result in trouble. The secure way is to allow user to execute limited commands as app1 user.

Read More


SUDO Command Alias

Usage of sudo command alias and it various useful features with examples given.

Syntax

                Cmnd_Alias        NAME   =   cmnd1, cmnd2, cmnd3 ….

To define command alias in sudoers file must remember two hard coded rules

Read More