[Repost] su privileges for ordinary Linux users

Source:
http://hi.baidu.com/wxsuyi/blog/item/bb46e5d7c3b0ccd4a044df78.html
Test environment: Gentoo
/etc/pam.d/su
#%PAM-1.0

auth       sufficient    pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth       required     pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     pam_wheel.so use_uid

auth       include        system-auth

account    include        system-auth

password   include        system-auth

session    include        system-auth
session    required     pam_env.so
session    optional        pam_xauth.so
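Note the text marked in red in the original post, the active "auth required pam_wheel.so use_uid" line: it means that members of the wheel group can su to root, but they must still enter the root password. So all that is needed is to add the current ordinary user to the wheel group.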
/etc/group
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root,adream

The part marked in red in the original post, the wheel entry, adds the user adream to the wheel group.
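
Added example (not part of the original post): a small shell audit of the setup described above. It reads a su PAM stack and a group file, then reports whether pam_wheel.so is required, whether the trust option lets group members skip the password, and who is in the group. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report how a su PAM stack uses pam_wheel.so and who is in the group.

# Print "required=<0|1> trust=<0|1> group=<name>" for the active auth lines of $1.
su_wheel_policy() {
    awk '
        $1 != "auth" { next }                  # skips comments and other stacks
        $3 != "pam_wheel.so" && $3 !~ /\/pam_wheel\.so$/ { next }
        {
            t = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "deny") next         # deny-lists are not handled here
                if ($i == "trust") t = 1
                if ($i ~ /^group=/) group = substr($i, 7)
            }
            if ($2 == "required" || $2 == "requisite") required = 1
            if ($2 == "sufficient" && t) trust = 1   # members skip the password
        }
        END {
            if (group == "") group = "wheel"
            printf "required=%d trust=%d group=%s\n", required, trust, group
        }
    ' "$1"
}

# Print the member list (4th field) of group $2 from group file $1.
# Users who have the group only as primary GID in /etc/passwd are not listed there.
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT

# Constructed sample: the relevant lines of the su stack shown above.
cat > "$demo/su" <<'EOF'
auth       sufficient   pam_rootok.so
#auth       sufficient   pam_wheel.so use_uid trust
auth       required     pam_wheel.so use_uid
auth       include      system-auth
EOF
# Constructed sample: two entries from the group file shown above.
printf 'root::0:root\nwheel::10:root,adream\n' > "$demo/group"

policy=$(su_wheel_policy "$demo/su")
echo "$policy"
echo "members: $(group_members "$demo/group" wheel)"
case $policy in
    *trust=1*)    echo "WARN: group members can su without a password" ;;
    *required=0*) echo "WARN: su is not restricted to a group" ;;
esac
```

On a real system, pass /etc/pam.d/su and /etc/group instead of the sample files.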
