OS=RHEL 3 AS
The /etc/pam.d/su file is as follows:
auth sufficient /lib/security/$ISA/pam_rootok.so
auth required /lib/security/$ISA/pam_wheel.so use_uid group=admin
// Only members of the admin group are allowed to su to root
auth required /lib/security/$ISA/pam_stack.so service=system-auth
account required /lib/security/$ISA/pam_stack.so service=system-auth
password required /lib/security/$ISA/pam_stack.so service=system-auth
session required /lib/security/$ISA/pam_stack.so service=system-auth
session optional /lib/security/$ISA/pam_xauth.so
Suppose there are 3 users: alice, bob and courer
# usermod -G admin alice
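After making the settings above, only the user alice can su to root and bob cannot, but bob surprisingly cannot su to other ordinary users either, such as courer.
/var/log/message shows: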
PAM-Wheel[3873]: Access denied for 'bob' to 'courer'
God bless u if u have any idea for this ! ^o_o^
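
A simplified model of how the auth lines of the su file above are evaluated, as an added example that is not part of the original post. The module functions are hypothetical stand-ins, not real PAM code, and the model assumes the caller always types the correct password. It reproduces the logged denial: as configured here, pam_wheel tests only the invoking user's group membership, so the target account makes no difference.

```python
# Added example: toy evaluation of the "auth" lines in the posted /etc/pam.d/su.
# Module behaviour is modelled from the post (config + log line), not real PAM code.

SUCCESS, FAIL = "success", "fail"

# Constructed sample data: the result of `usermod -G admin alice`.
GROUPS = {"admin": {"alice"}}

def pam_rootok(caller, target):
    # Succeeds only when the invoking user is already root.
    return SUCCESS if caller == "root" else FAIL

def pam_wheel(caller, target, group="admin"):
    # use_uid: the caller's membership is tested; the target is never consulted.
    return SUCCESS if caller in GROUPS.get(group, set()) else FAIL

def system_auth(caller, target):
    # Assumption: the password prompt is answered correctly.
    return SUCCESS

# Same order and control flags as the auth lines in the post.
AUTH_STACK = [
    ("sufficient", pam_rootok),
    ("required", pam_wheel),
    ("required", system_auth),
]

def su_auth(caller, target):
    """Return (allowed, name of the module that decided, or 'stack')."""
    failed = None
    for control, module in AUTH_STACK:
        result = module(caller, target)
        if control == "sufficient":
            # Success ends the stack early; failure is simply ignored.
            if result == SUCCESS and failed is None:
                return True, module.__name__
        elif control == "required" and result == FAIL and failed is None:
            # Failure is remembered; the remaining modules still run.
            failed = module.__name__
    return failed is None, failed or "stack"

if __name__ == "__main__":
    for caller, target in [("alice", "root"), ("bob", "root"),
                           ("bob", "courer"), ("root", "courer")]:
        print(caller, "->", target, su_auth(caller, target))
```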