sudo versus su

su

When a user runs the su command, they are prompted for the root password. Once they supply it, they are given a root shell and have the unlimited power of root. If SELinux is enabled, this behaviour can still be constrained.

A Linux system is usually configured so that only certain users have access to the su command. To disable the command for everyone, first make sure there is no user in the wheel group on the system. Then go to /etc/pam.d, edit the “su” file and uncomment the following line:

auth    required        pam_wheel.so use_uid

To give a specific user permission to run this command, add them to the wheel group.

Sudo

The sudo command offers another approach to giving users administrative access. When trusted users precede an administrative command with sudo, they are prompted for their own password. Then, once they have been authenticated and assuming the command is permitted, the administrative command is executed as if they were the root user.

The sudo command allows for a high degree of flexibility. For instance, only users listed in the /etc/sudoers configuration file are allowed to use the sudo command and the command is executed in the user’s shell, not a root shell.

  • Each successful authentication using sudo is logged to the file /var/log/messages
  • Commands issued with sudo are logged to the /var/log/secure file, along with the name of the user who ran them.
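As an added example (not part of the original post), a small POSIX shell script that reads lines in the format sudo writes to /var/log/secure and separates the commands that actually ran from rejected attempts, which is what an administrator reviewing that file wants to see first. The log lines, host name, user names and paths are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of the lines sudo writes to /var/log/secure
# (hostname, users, paths and times are made up for this example).
SAMPLE_LOG='Mar  3 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 09:12:05 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  3 09:13:40 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/vim /etc/sudoers
Mar  3 09:14:02 web01 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/id
Mar  3 09:15:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/journalctl -u httpd'

# Print "user<TAB>command" for each sudo command that was actually run
# (lines carrying a denial or password-failure message are skipped).
sudo_commands() {
    printf '%s\n' "$1" | awk '
        / sudo: / && !/NOT in sudoers|incorrect password/ {
            user = $0; sub(/^.* sudo: */, "", user); sub(/ :.*$/, "", user)
            cmd = $0;  sub(/^.*COMMAND=/, "", cmd)
            printf "%s\t%s\n", user, cmd
        }'
}

# Print "user<TAB>reason" for every rejected sudo attempt; both kinds are
# worth reviewing, because neither one results in a command being run.
sudo_failures() {
    printf '%s\n' "$1" | awk '
        / sudo: / && /NOT in sudoers|incorrect password/ {
            user = $0; sub(/^.* sudo: */, "", user); sub(/ :.*$/, "", user)
            reason = ($0 ~ /NOT in sudoers/) ? "not-in-sudoers" : "bad-password"
            printf "%s\t%s\n", user, reason
        }'
}

# Successful sudo commands per user, most active first ("<count> <user>").
sudo_command_counts() {
    sudo_commands "$1" | cut -f1 | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

echo "== commands run via sudo =="; sudo_commands "$SAMPLE_LOG"
echo "== rejected attempts =="; sudo_failures "$SAMPLE_LOG"
echo "== commands per user =="; sudo_command_counts "$SAMPLE_LOG"
```

To run it against a real system, replace "$SAMPLE_LOG" with "$(cat /var/log/secure)" as the argument (the file is root-readable only).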

Use the visudo utility to edit the sudoers file:

visudo  -f /etc/sudoers

Additional logging for sudo

Use the pam_tty_audit module to enable TTY auditing for specified users by adding the following line to your /etc/pam.d/system-auth file. The following configuration enables TTY auditing for the root user and disables it for all other users:

session required pam_tty_audit.so disable=* enable=root

Note: configuring the pam_tty_audit PAM module for TTY auditing records only TTY input. This means that, when the audited user logs in, pam_tty_audit records the exact keystrokes the user makes into the /var/log/audit/audit.log file.
