How to restrict su command root in linux

(Not Recommended for some reasons) 

Open a console or terminal and type :
/bin/su

Remember the current file mode bits and restrictions for su binary:
# ls -la /bin/su
-rwxr-xr-x 1 root root 24284 Apr 28 2007 /bin/su

Noticed that su binary is world executable and world readable. This basically means anybody can call and execute the su binary and gain access to perhaps stolen password with bash-enabled user accounts. If you wish to change this, you can issue the following command as follows:
# chmod 700 /bin/su

So, only root and root alone can call su binary command.

Note that, it is not advisable to do this if your su binary is set to suid root, that has similar attributes like below:
-rwsr-xr-x 1 root root 27052 2007-08-02 18:33 /bin/su

as it could affect some apps and package that links to suit root-ted su binary.

Advertisements

One thought on “How to restrict su command root in linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s