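Symptom:
When the ordinary user admin tries to switch to root to run commands, su keeps reporting permission denied.
    [admin@localhost ~]$ su -
    密码:
    su: 拒绝权限
Possible cause:
For security reasons, openEuler 20.03 appears to restrict which users may switch accounts with su.
Resolution steps:
Solution 1:
Open the following file and look for the pam_wheel.so use_uid line.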
    [root@localhost ~]# vi /etc/pam.d/su
    #######################################################################################
    #
    # Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
    # security-tool licensed under the Mulan PSL v1.
    # You can use this software according to the terms and conditions of the Mulan PSL v1.
    # You may obtain a copy of Mulan PSL v1 at:
    # http://license.coscl.org.cn/MulanPSL
    # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
    # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
    # PURPOSE.
    # See the Mulan PSL v1 for more details.
    # Description: Configuration File for PAMified Services
    #
    #######################################################################################
    #%PAM-1.0
    auth required pam_wheel.so use_uid
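The pam_wheel.so use_uid line is not commented out, so su is limited to members of the wheel group. Comment it out; this lifts the restriction for every account on the system, not only admin: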
    [root@localhost ~]# vi /etc/pam.d/su
    #auth required pam_wheel.so use_uid
Open a new window and try again as admin:
    [admin@localhost ~]$ su - root
    密码:
    Welcome to 4.19.90-2003.4.0.0036.oe1.x86_64
    System information as of time: 2022年 11月 23日 星期三 18:53:22 CST
    System load: 0.01
    Processes: 150
    Memory used: 57.7%
    Swap used: 27.4%
    Usage On: 49%
    IP address: 192.168.137.16
    Users online: 3
    [root@localhost ~]#
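That works!
Solution 2:
Leave the configuration file unchanged and add the user to the wheel group instead. Note that usermod -G without -a replaces the user's existing supplementary groups; usermod -aG wheel admin appends wheel and keeps the others.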
    [root@localhost ~]# usermod -G wheel admin
    [root@localhost ~]# cat /etc/group
    root:x:0:
    wheel:x:10:admin
Open a new terminal and try again as the admin user:
    [admin@localhost ~]$ su - root
    密码:
    上一次登录: 三 11月 23 18:53:22 CST 2022 pts/2 上
    Welcome to 4.19.90-2003.4.0.0036.oe1.x86_64
    System information as of time: 2022年 11月23日 星期三 18:56:15 CST
    System load: 0.08
    Processes: 150
    Memory used: 57.4%
    Swap used: 27.8%
    Usage On: 49%
    IP address: 192.168.137.16
    Users online: 3
    [root@localhost ~]#
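The effect of the two solutions compared, as an added example that is not part of the original write-up: the script evaluates copies of the PAM and group files and reports whether a given user would pass the pam_wheel check. The file contents, the second account guest and the function names are constructed for illustration; only membership listed in the group file is checked, and pam_wheel options such as deny are not handled.

```sh
#!/bin/sh
# Succeeds if FILE has an uncommented "auth required|requisite pam_wheel.so" line.
wheel_line_active() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_wheel\.so' "$1"
}

# Succeeds if USER appears in the member list of the wheel entry in GROUPFILE.
in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$2"
}

# su_verdict USER PAMFILE GROUPFILE -> unrestricted | allowed | denied
su_verdict() {
    if ! wheel_line_active "$2"; then
        echo unrestricted      # Solution 1: no wheel check, any user may attempt su
    elif in_wheel "$1" "$3"; then
        echo allowed           # Solution 2: check kept, user is a wheel member
    else
        echo denied            # the symptom: check active, user not in wheel
    fi
}

# Constructed sample files (not read from the live system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#%PAM-1.0' 'auth required pam_wheel.so use_uid'  > "$tmp/su.enforced"
printf '%s\n' '#%PAM-1.0' '#auth required pam_wheel.so use_uid' > "$tmp/su.disabled"
printf '%s\n' 'root:x:0:' 'wheel:x:10:'      > "$tmp/group.before"
printf '%s\n' 'root:x:0:' 'wheel:x:10:admin' > "$tmp/group.after"

echo "initial state, admin: $(su_verdict admin "$tmp/su.enforced" "$tmp/group.before")"
echo "solution 1,    admin: $(su_verdict admin "$tmp/su.disabled" "$tmp/group.before")"
echo "solution 1,    guest: $(su_verdict guest "$tmp/su.disabled" "$tmp/group.before")"
echo "solution 2,    admin: $(su_verdict admin "$tmp/su.enforced" "$tmp/group.after")"
echo "solution 2,    guest: $(su_verdict guest "$tmp/su.enforced" "$tmp/group.after")"
```

On a real host, point su_verdict at /etc/pam.d/su and /etc/group to see which state the system is in.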