3.2.9 /etc/security/user - sugroups

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Restricts access to root, via su, to members of a specific group.

In setting the sugroups attribute to system, this ensures that only members of the system group are able to su root. This makes it difficult for an attacker to use a stolen root password as the attacker first has to get access to a system user ID.


In /etc/security/user, set the root stanza sugroups attribute to system-

chuser su=true sugroups=system root

See Also