3.2.9 /etc/security/user - su

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Restricts access to root, via su, to members of a specific group.

In setting the sugroups attribute to system, this ensures that only members of the system group are able to su root. This makes it difficult for an attacker to use a stolen root password as the attacker first has to get access to a system user ID.

Solution

In /etc/security/user, set the root stanza sugroups attribute to system-

chuser su=true sugroups=system root

See Also

https://workbench.cisecurity.org/files/528