  Linux: prohibiting non-wheel users from using the su command, in detail
     
  Add Date : 2017-08-31      
         
         
         
  Under normal circumstances, an ordinary user can run "su -" and, by entering the correct root password, log in as root and carry out administrator-level configuration of the system.

However, to further strengthen the security of the system, it is necessary to establish an administrator group and allow only users in this group to run "su -" to log in as root. Users in other groups cannot log in as root even if they run "su -" and enter the correct root password. Under UNIX and Linux, this group is usually named "wheel".

First, prohibit users outside the wheel group from switching to root

1. Modify the configuration file /etc/pam.d/su

[root@abctest ~]# vi /etc/pam.d/su   <- open the configuration file
#auth required /lib/security/$ISA/pam_wheel.so use_uid   <- find this line and remove the leading "#"

2. Modify the file /etc/login.defs

[root@abctest ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs   <- append this statement to the end of the file

Once the above steps are complete, create a new user and test with it. You will find that a user who has not been added to the wheel group cannot log in as root with "su -", even when the correct root password is entered.

3. Add a user woo to test whether it can switch to root

[root@abctest ~]# useradd woo
[root@abctest ~]# passwd woo
Changing password for user woo.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

4. Try to switch to root while logged in as woo

[woo@abctest ~]$ su - root   <- cannot switch even when the correct password is entered
Password:
su: incorrect password
[woo@abctest ~]$

Second, add a user to the administrator group while ordinary users stay prohibited from using su to become root

6. Add a user and add it to the administrator group, so that ordinary users cannot su to root; this also helps with security once OpenSSH / OpenSSL is installed to strengthen remote management

[root@abctest ~]# useradd admin
[root@abctest ~]# passwd admin
Changing password for user admin.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

[root@abctest ~]# usermod -G wheel admin   <- or: usermod -G10 admin (10 is the ID number of the wheel group)
[root@abctest ~]# su - admin
[admin@abctest ~]$ su - root
Password:
[root@abctest ~]#

Method one: a group other than wheel can also be specified. Edit /etc/pam.d/su and add the following two lines

[root@abctest ~]# vi /etc/pam.d/su
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel

Method two: edit /etc/pam.d/su and remove the "#" from the following line

[root@abctest ~]# vi /etc/pam.d/su
RedHat:   #auth required /lib/security/$ISA/pam_wheel.so use_uid   <- find this line and remove the leading "#"
CentOS 5: #auth required pam_wheel.so use_uid   <- find this line and remove the leading "#"

# Save and exit ============

[root@abctest ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs   <- append this statement to the end of the file
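
The edit from Method two, as an added example that is not part of the original article: shell functions that report whether the pam_wheel line in a PAM su file is active and uncomment only the "auth required" line, keeping a backup. The function names wheel_status and enable_wheel and the sample file are constructed for illustration; run them against a copy before touching /etc/pam.d/su.

```shell
#!/bin/sh
# Added example: audit and enable the pam_wheel restriction in a PAM "su" file.
# Both functions take the file path as an argument so they can be tried on a copy.

# Matches "auth required <path>pam_wheel.so", with or without /lib/security/... prefix.
WHEEL_RE='auth[[:space:]]+required[[:space:]]+[^[:space:]]*pam_wheel\.so'

# wheel_status FILE -> prints "enforced", "commented" or "missing"
wheel_status() {
    if grep -Eq "^[[:space:]]*$WHEEL_RE" "$1"; then
        echo enforced
    elif grep -Eq "^[[:space:]]*#[[:space:]]*$WHEEL_RE" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# enable_wheel FILE -> removes the leading "#" from the "auth required" line only.
# A commented "auth sufficient ... pam_wheel.so trust" line is deliberately left
# alone. The original is saved as FILE.bak; FILE keeps its inode and mode.
enable_wheel() {
    [ "$(wheel_status "$1")" = commented ] || return 0   # already active or absent
    cp -p "$1" "$1.bak" &&
    sed -E "s/^[[:space:]]*#[[:space:]]*($WHEEL_RE)/\1/" "$1.bak" > "$1"
}

# Constructed sample in the layout of a RedHat-style /etc/pam.d/su (not a live file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth       sufficient   pam_rootok.so
#auth      sufficient   pam_wheel.so trust use_uid
#auth      required     pam_wheel.so use_uid
auth       include      system-auth
EOF

echo "before: $(wheel_status "$sample")"
enable_wheel "$sample"
echo "after:  $(wheel_status "$sample")"
grep pam_wheel "$sample"      # shows which pam_wheel lines are now active
rm -f "$sample" "$sample.bak"
```

Only the "required" line is changed; enabling a "sufficient ... trust" line instead would let wheel members switch to root without a password, which is not what this article sets up.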
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.