From: Bruce S. <bw...@ar...> - 2003-06-24 12:45:33
|
> >> I did create an account operator on my DL. > >> Then, I tried to log on my DL box with this account, but I can not > >> run the "su" utility. I got this message: > >> > >> sh: /bin/su: Permission denied > >> > >> How can I get it to work? > >> I think that connecting to the DL box by ssh with root is realy not > >> secure. > > > What version of DL are you running? > > And what are the permissions of "su"? > > (do a "ls -l /bin/su") > > - BS > > I use DL 0.5 and the permissions are : > > -rwsr-x--- 1 root root 35248 Jan 1 1980 /bin/su OK, those file permissions will not let "su" to run from anyone other than root, or anyone in the "root" group. I'm running a 0.6beta release, so this may or may not work for 0.5: Edit the file: /etc/sysconfig/permissions.base Inside it, find the line containing "/bin/su", at the end of that line should be the number "4750". Change it to "4755". Save the file, save-config, reboot. This assumes you have the default setting of SET_FILE_PERM=yes in /etc/sysconfig/config Side note: You realize you need to be root to do anything on DL, so adding another user effectively only adds another password in the login sequence to your DL box. It doesn't enhance security any other way. Also, you should set "PermitRootLogin no" in /etc/ssh/sshd_config to prevent remote root logins, to really make your change effective. - BS |