  Linux: prohibiting non-wheel users from using the su command, in detail
     
  Add Date : 2017-08-31      
         
       
         
  Under normal circumstances, an ordinary user can run "su -", enter the correct root password, and log in as root with administrator-level access to the system.

However, to further strengthen the security of the system, it is necessary to establish an administrators group and allow only users in this group to run "su -" to log in as root. Users in other groups cannot log in as root, even if they run "su -" and enter the correct root password. Under UNIX and Linux, this group is usually named "wheel".

First, prohibit users outside the wheel group from switching to root

1. Modify the configuration file /etc/pam.d/su

[root@abctest ~]# vi /etc/pam.d/su   <- open the configuration file
#auth required /lib/security/$ISA/pam_wheel.so use_uid   <- find this line and remove the "#" at the start of the line

2. Modify the file /etc/login.defs

[root@abctest ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs   <- append this statement to the end of the file

Once the steps above are complete, create a new user and test with it. You will find that a user who has not been added to the wheel group cannot log in as root with "su -", even when the correct root password is entered.

3. Add a user woo and test whether it can switch to root

[root@abctest ~]# useradd woo
[root@abctest ~]# passwd woo
Changing password for user woo.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

4. Try to switch to the root user while logged in as woo

[woo@abctest ~]$ su - root   <- the switch fails even when the correct password is entered
Password:
su: incorrect password
[woo@abctest ~]$

Second, add a user to the administrators group while ordinary users remain prohibited from using su to root

6. Add a user and put it in the administrators group so that ordinary users cannot su to root; install OpenSSH / OpenSSL afterwards to strengthen the security of remote management

[root@abctest ~]# useradd admin
[root@abctest ~]# passwd admin
Changing password for user admin.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.


[root@abctest ~]# usermod -G wheel admin   <- or "usermod -G10 admin" (10 is the group ID of the wheel group)
[root@abctest ~]# su - admin
[admin@abctest ~]$ su - root
Password:
[root@abctest ~]#

Method one: a group other than wheel can also be specified. Edit /etc/pam.d/su and add the following two lines

[root@abctest ~]# vi /etc/pam.d/su
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel

Method two: edit /etc/pam.d/su and remove the # symbol from the following line

[root@abctest ~]# vi /etc/pam.d/su
# RedHat
#auth required /lib/security/$ISA/pam_wheel.so use_uid   <- find this line and remove the "#" at the start of the line
# CentOS5
#auth required pam_wheel.so use_uid   <- find this line and remove the "#" at the start of the line

# Save and exit ============

[root@abctest ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs   <- append this statement to the end of the file
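
Added example, not part of the original article: a small shell audit of the settings the steps above change. It checks whether the pam_wheel line in /etc/pam.d/su is active, whether SU_WHEEL_ONLY is set in /etc/login.defs, and which users are listed in the enforced group. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Print the group an active "auth required ... pam_wheel.so" line enforces.
# Returns 1 when the line is missing, commented out, or inverted with "deny".
wheel_group_enforced() {
    awk '
        /^[ \t]*#/ { next }                  # still commented out: not active
        $1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ {
            grp = "wheel"; deny = 0          # pam_wheel checks "wheel" by default
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^group=/) grp = substr($i, 7)
                if ($i == "deny") deny = 1   # "deny" inverts the membership check
            }
            if (!deny) { print grp; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Succeeds when the login.defs-format file has an active "SU_WHEEL_ONLY yes".
su_wheel_only_set() {
    awk '$1 == "SU_WHEEL_ONLY" && $2 == "yes" { ok = 1 } END { exit(ok ? 0 : 1) }' "$1"
}

# Print the members listed for a group in an /etc/group-format file
# (users who have it only as their primary group are not listed there).
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# Constructed sample files, so the audit runs without touching /etc.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'auth sufficient pam_rootok.so\n#auth required pam_wheel.so use_uid\n' > "$tmp/su"
printf 'auth sufficient pam_rootok.so\nauth required pam_wheel.so use_uid\n' > "$tmp/su.fixed"
printf 'SU_WHEEL_ONLY yes\n' > "$tmp/login.defs"
printf 'root:x:0:\nwheel:x:10:root,admin\nwoo:x:501:\n' > "$tmp/group"

for f in "$tmp/su" "$tmp/su.fixed"; do
    if grp=$(wheel_group_enforced "$f"); then
        echo "$f: su limited to group '$grp': $(group_members "$grp" "$tmp/group")"
    else
        echo "$f: pam_wheel not active, any user with the root password can su"
    fi
done
su_wheel_only_set "$tmp/login.defs" && echo "login.defs: SU_WHEEL_ONLY yes"
```

To audit a host, call the functions with /etc/pam.d/su, /etc/login.defs and /etc/group instead of the sample files.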
     
         
       
         
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.