[转]linux普通用户的su权限

出处：
http://hi.baidu.com/wxsuyi/blog/item/bb46e5d7c3b0ccd4a044df78.html
实验环境：gentoo
/etc/pam.d/su
#%PAM-1.0

auth       sufficient    pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth       required     pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     pam_wheel.so use_uid

auth       include        system-auth

account    include        system-auth

password   include        system-auth

session    include        system-auth
session    required     pam_env.so
session    optional        pam_xauth.so
注意红色字体，表示wheel用户组可以su到root用户，但是必须输入root密码,所以只需将当前的普通用户添加到wheel用户组即可
/etc/group
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root,adream
…
红色字体部分，将adream用户加入wheel用户组