Linux学习笔记之 修改/etc/pam.d/su让wheel组用户su切换到root时不用输入密码

vi /etc/pam.d/su

在 /etc/pam.d/su 中, 与wheel有关的有两句 , 默认是加注释的,
此时所有用户能su到root, 要密码

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid  //这句
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid        //和这句
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

启用这条👇使得wheel成员su到root不用输密码

auth           sufficient      pam_wheel.so trust use_uid

启用这条👇使得非wheel成员无法切换到root

auth           required        pam_wheel.so use_uid