Problem of "sudo su -" vs "su" on FreeIPA

Issues related to applications and software problems
Post Reply
tshafqat
Posts: 1
Joined: 2018/07/17 13:59:33

Problem of "sudo su -" vs "su" on FreeIPA

Post by tshafqat » 2018/07/17 14:05:50

Hi All,
I am new to the forums. I have a problem. I have 3 nodes. 1 IPA Server and 2 clients. CentOS7 as Server and 1 client and another client is Ubuntu16.04.

1- When I login to Server or Client with any user created on IPA and try "sudo su-" , the response is normal. It doesn't allow root access
2- But when I hit "su" , it goes to root access even if the user is not part of "sudoers"

Any comments ????

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Problem of "sudo su -" vs "su" on FreeIPA

Post by TrevorH » 2018/07/17 15:02:24

The su utility is totally separate from sudo and does not use /etc/sudoers. It does not check your authority to execute it but will ask for the root password. If you have not set a root password then I suspect it will let you straight in. Also, on machines with things like cpanel installed, they modify the permissions on the su executable to allow people in a particular group to run it and deny access to anyone else. That is a problem specific to panels though and those are not supported here.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply