Linux · December 16, 2023

Linux Server Security Tip: Protect su by limiting access only to admin group

When it comes to running a website on a VPS, security is a top priority. One of the most critical aspects of server security is limiting access to the ‘su’ command, which allows users to switch to another user account. By default, any user can run ‘su’ and become the root user if they know or guess the root password, which can pose a significant security risk. This article shows how to protect the ‘su’ command by limiting access to the admin group on a Linux server.

Understanding the ‘su’ Command

The ‘su’ command, short for ‘substitute user’, is a powerful tool in Linux. It allows you to switch to another user account without logging out and back in again. While this can be convenient, it can also be a security risk if not properly managed.

Why Limit Access to the ‘su’ Command?

By default, any user on a Linux system can run the ‘su’ command and switch to any other user account whose password they know. If a malicious user gains access to your system and obtains or guesses the root password, they could use this command to become the root user, giving them complete control over your server. Once access to ‘su’ is limited, the root password alone is no longer enough for accounts outside the admin group, which significantly reduces this risk.

How to Limit Access to the ‘su’ Command

Limiting access to the ‘su’ command involves adding users to a special group, often called the ‘wheel’ group, and then configuring the system to only allow users in this group to use the ‘su’ command. Here’s how to do it:

  • Create the ‘wheel’ group if it doesn’t already exist. You can do this with the command: groupadd wheel
  • Add the admin user to the ‘wheel’ group with the command: usermod -aG wheel admin
  • Edit the ‘/etc/pam.d/su’ file and uncomment the line that says: auth required pam_wheel.so use_uid

With these changes, only users in the ‘wheel’ group can use the ‘su’ command to become the root user.
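To verify the result of the steps above, here is an added example (not part of the original article) that checks whether a PAM file has an active pam_wheel restriction and lists the members of the ‘wheel’ group. The function names and file contents are constructed for illustration; on a real server, point the functions at /etc/pam.d/su and /etc/group.

```shell
#!/bin/sh
# Added example (not from the original article): audit the su/pam_wheel setup.

# Succeeds only if FILE contains an active (uncommented) pam_wheel line whose
# control flag denies non-members. A "sufficient ... trust" line does not count:
# it lets group members skip the password and restricts nobody.
su_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_wheel\.so([[:space:]]|$)' "$1"
}

# Print the supplementary members of GROUP as listed in a group(5) file.
# Users whose primary GID is the group do not appear in this field.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# Constructed sample files so the example runs without touching /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/su.before" <<'EOF'
auth       sufficient pam_rootok.so
#auth      required   pam_wheel.so use_uid
auth       sufficient pam_wheel.so trust use_uid
EOF
cat > "$demo_dir/su.after" <<'EOF'
auth       sufficient pam_rootok.so
auth       required   pam_wheel.so use_uid
EOF
printf 'root:x:0:\nwheel:x:10:admin\nwww:x:33:\n' > "$demo_dir/group"

for f in su.before su.after; do
    if su_wheel_enforced "$demo_dir/$f"; then
        echo "$f: su restricted to wheel members"
    else
        echo "$f: any user may attempt su"
    fi
done
echo "wheel members: $(group_members wheel "$demo_dir/group")"
rm -rf "$demo_dir"
```

Keep a root session open while editing ‘/etc/pam.d/su’ and confirm from a second login that the admin user can still run ‘su’ before closing it.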

Additional Security Measures

While limiting access to the ‘su’ command is a good start, there are other security measures you should consider when running a website on a Hong Kong VPS. These include:

  • Regularly updating your server software
  • Using strong, unique passwords for all user accounts
  • Disabling root login over SSH
  • Setting up a firewall to block unwanted traffic

Conclusion

Securing your Linux server is a crucial aspect of running a website on a VPS. By limiting access to the ‘su’ command, you can significantly reduce the risk of a malicious user gaining complete control over your server. However, this is just one aspect of server security, and you should also consider other measures such as regular updates, strong passwords, and a robust firewall.