You MUST give more information about your system, configs, etc. if you want an answer.
I suppose that you have an OpenLDAP server acting as a user account store, and it's allowing the LDAP users to log in to the system. So if you do a getent passwd you will get all users from the server (local+ldap).
Logging in as root gives you all the privileges (uid 0), and if you don't uninstall su I think that you will not be able to do what you want. The root user must only be logged in by root.
I also think that this is not an LDAP question.
2009/3/23 Marcelo Gomes marmitsbr@yahoo.com.br:
Hi!
In my network, when some client logs in as root (local), he can type "su -l" and become any other user from LDAP.
How can I block this?
Thanks
Marcelo Gomes