  Prohibiting non-wheel users from using the su command on Linux, in detail
     
  Add Date : 2017-08-31      
         
       
         
  Under normal circumstances, any ordinary user can run "su -", enter the correct root password, and log in as root to perform administrator-level configuration of the system.

To further strengthen the security of the system, you can designate an administrator group and allow only users in that group to run "su -" and log in as root. Users in other groups cannot log in as root even if they run "su -" and enter the correct root password. Under UNIX and Linux, this group is usually named "wheel".

First, prohibit users who are not in the wheel group from switching to root

1, modify the configuration file /etc/pam.d/su

[root@abctest ~]# vi /etc/pam.d/su <- open the configuration file
#auth required /lib/security/$ISA/pam_wheel.so use_uid <- find this line and remove the "#" at the start of the line

2, modify the file /etc/login.defs

[root@abctest ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs <- append this statement to the end of the file

Once the steps above are complete, create a new user and test with it. You will find that a user who has not been added to the wheel group cannot log in as root with "su -", even after entering the correct root password.

3, add a user woo to test whether it can switch to root

[root@abctest ~]# useradd woo
[root@abctest ~]# passwd woo
Changing password for user woo.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

4, log in as woo and try to switch to root

[woo@abctest ~]$ su - root <- the switch fails even when the correct password is entered
Password:
su: incorrect password
[woo@abctest ~]$

Second, add a user to the administrator group while ordinary users stay prohibited from using su to become root

6, add a user and put it in the administrator group, with ordinary users still prohibited from using su to become root; this supports secure remote management once OpenSSH / OpenSSL is installed

[root@abctest ~]# useradd admin
[root@abctest ~]# passwd admin
Changing password for user admin.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

[root@abctest ~]# usermod -G wheel admin (either usermod -G wheel admin or usermod -G10 admin; 10 is the group ID of the wheel group)
[root@abctest ~]# su - admin
[admin@abctest ~]$ su - root
Password:
[root@abctest ~]#

Method one: a group other than wheel can also be specified. Edit /etc/pam.d/su and add the following two lines

[root@abctest ~]# vi /etc/pam.d/su
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel

Method two: edit /etc/pam.d/su and remove the # symbol from the following line

[root@abctest ~]# vi /etc/pam.d/su
RedHat:  #auth required /lib/security/$ISA/pam_wheel.so use_uid <- find this line and remove the "#" at the start of the line
CentOS5: #auth required pam_wheel.so use_uid <- find this line and remove the "#" at the start of the line

# Save and exit ============

[root@abctest ~]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs <- append this statement to the end of the file
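
The shell functions below are an added example, not part of the original article: they verify the result of the steps above by checking for an active pam_wheel line in /etc/pam.d/su, the SU_WHEEL_ONLY setting in /etc/login.defs, and the members of the permitted group. The function names, the WHEEL_RE variable and the "run" argument are assumptions made for this example.

```shell
# Added audit example, not from the original article. Paths are arguments so
# the checks can run against copies of the files as well as the live ones.

# Pattern for an uncommented "auth required|requisite [path/]pam_wheel.so" line.
WHEEL_RE='^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+([^[:space:]]*/)?pam_wheel\.so'

# pam_wheel_active FILE: succeeds if FILE has an active pam_wheel auth line.
pam_wheel_active() {
    grep -Eq "${WHEEL_RE}([[:space:]]|\$)" "$1"
}

# pam_wheel_group FILE: prints the group= argument, or "wheel" if none is given.
pam_wheel_group() {
    g=$(sed -nE "s#${WHEEL_RE}.*[[:space:]]group=([^[:space:]]+).*#\\3#p" "$1" | head -n 1)
    echo "${g:-wheel}"
}

# su_wheel_only FILE: succeeds if the last active SU_WHEEL_ONLY entry is "yes".
su_wheel_only() {
    awk '$1 == "SU_WHEEL_ONLY" { v = tolower($2) } END { exit !(v == "yes") }' "$1"
}

# group_members GROUP GROUPFILE: prints the member list from the group file
# (users who have GROUP only as their primary group are not listed there).
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# audit PAM_FILE LOGIN_DEFS GROUP_FILE: prints a report. The return code follows
# the PAM check, because /etc/pam.d/su is the stack that su authenticates through.
audit() {
    if pam_wheel_active "$1"; then
        grp=$(pam_wheel_group "$1")
        echo "OK   pam_wheel active in $1 (group: $grp)"
        echo "     members: $(group_members "$grp" "$3")"
        rc=0
    else
        echo "FAIL no active pam_wheel auth line in $1"
        rc=1
    fi
    su_wheel_only "$2" && echo "OK   SU_WHEEL_ONLY yes in $2" || echo "WARN SU_WHEEL_ONLY is not set to yes in $2"
    return $rc
}

# "run" is an argument name chosen for this example: audit the live files.
if [ "${1:-}" = "run" ]; then
    audit /etc/pam.d/su /etc/login.defs /etc/group
fi
```

Saved as a script and invoked as root with the run argument after the files are edited, a FAIL line means the pam_wheel line is still commented out or missing, so su remains open to every user who knows the root password.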
     
         
       
         
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.