In General, the average user by executing "su-" command, enter the correct root password, you can log in as root user to the system administrator-level configuration.
However, in order to further enhance system security, the need for an administrator's group to allow only the users of this group to perform the command "su-" log on as root user, and let other users even if the execution of the group "su-" and enter the correct root password and cannot login as root user. Under UNIX, this group name is usually the "wheel". Root @ sample ~] # usermod-GwheelCentOSpub ← general user CentOSpub plus in Administrators group wheel group root @ sample ~] # vi/etc/pam.d/su ← open the configuration file # authrequired/lib/security/$ ISA/find this line, pam_wheel.souse_uid ← removed line of "#" ↓ authrequired/lib/security/$ ISA/pam_wheel.souse_uid ← into this State (about line 6) root @ sample ~] # echo "SU_WHEEL_ONLYyes" > >/etc/login.defs ← add statements to the end of the line after the completion of the above actions, you can then create a new user, and then use this new user testing shows that isn't in the wheel group of users, execute the command "su-", even if you have entered the correct root password and cannot login as root user.
No comments:
Post a Comment