From owner-freebsd-questions@FreeBSD.ORG  Fri Oct 24 18:46:09 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3792C1065736
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Oct 2008 18:46:09 +0000 (UTC)
	(envelope-from mdh_lists@yahoo.com)
Received: from web56802.mail.re3.yahoo.com (web56802.mail.re3.yahoo.com
	[66.196.97.76]) by mx1.freebsd.org (Postfix) with SMTP id BF6F18FC17
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Oct 2008 18:46:08 +0000 (UTC)
	(envelope-from mdh_lists@yahoo.com)
Received: (qmail 26966 invoked by uid 60001); 24 Oct 2008 18:46:08 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Message-ID;
	b=NhK09eh6/d1LjvGiF54+ZM7uS9Ef4A5g2vmoUHFwdW52KIzt4XiQWV3bYG6Ide2GdXWlfslOomzK0CG5IzfOoudCW0dzVroO7LN68xZKdLkoCTUvbyeNpNPgdP2kySIELQVma8ZmOKQxLoOkKG+BLqxDIfidDYIz6knYnEZZIFw=;
X-YMail-OSG: k3jJBbgVM1nAQdifMkp8trf5Duv0GKkzalUMquDG4gIVpAtiyU2gQDflnaELdfUNGJ9DSpFlyeQZLb1v2S1qG2HVTFn3GyuitKe9uQ.X4I4RRZHyy425Zy2oXTKfsbQJ0jVJUAfdGRAGIuDCi_ufI7Hezw--
Received: from [71.61.220.126] by web56802.mail.re3.yahoo.com via HTTP;
	Fri, 24 Oct 2008 11:46:07 PDT
X-Mailer: YahooMailWebService/0.7.247.3
Date: Fri, 24 Oct 2008 11:46:07 -0700 (PDT)
From: mdh <mdh_lists@yahoo.com>
To: freebsd-questions@freebsd.org
In-Reply-To: <49021319.7090804@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <172590.26774.qm@web56802.mail.re3.yahoo.com>
Subject: Re: root | su
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: mdh_lists@yahoo.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2008 18:46:09 -0000

--- On Fri, 10/24/08, Manolis Kiagias <sonic2000gr@gmail.com> wrote:
> From: Manolis Kiagias <sonic2000gr@gmail.com>
> Subject: Re: root | su
> To: "Jos Chrispijn" <kernel@webrz.net>
> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org>
> Date: Friday, October 24, 2008, 2:25 PM
> Jos Chrispijn wrote:
> > Is there a way of stopping root from su'ing to
> another user?
> >
> > Jos Chrispijn
> >
> Root is supposed to be the almighty god on your machine
> (i.e. you...). 
> No point trying to limit the abilities of root (especially
> if physical 
> access is also provided).
> And seriously,  root is a role not a person. If you find
> yourself trying 
> to limit root's capabilities, you've probably
> surrendered the root 
> password to the wrong person. If you need to give someone
> limited root 
> access to a machine, just use security/sudo instead (with a
> carefully 
> crafted sudoers file).

That's one option.  Another is to implement jails, or virtualization via something like qemu.  

Since the person asking didn't give any details of what he wants to do, it's hard to say, but your point is correct regardless.  

- mdh