Linux: prohibit ordinary users from using su to switch to root

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

To further strengthen the security of the system, establish a group of administrators and allow only members of that group to become root by executing the "su -" command. Users in other groups cannot become root even if they execute "su -" and enter the correct root password. Under UNIX and Linux, this group is usually named "wheel".

Prohibit non-wheel group users from switching to root

1. Modify the /etc/pam.d/su configuration

[root@qdata-rac1 /root]# vi /etc/pam.d/su

auth required pam_wheel.so group=wheel ← with this auth line present and not commented out, ordinary users outside the wheel group cannot switch to root

# auth required pam_wheel.so group=wheel ← with this auth line commented out, ordinary users can switch to root

2. Modify the /etc/login.defs file

[root@qdata-rac1 /root]# echo "SU_WHEEL_ONLY yes" >> /etc/login.defs ← appends the statement to the end of the file

After the operation is completed, you can create a new user and test with it: a user who has not joined the wheel group cannot log in as root by executing "su -", even when entering the correct root password.

3. Log in as the oracle user and try to switch to root

[oracle@qdata-rac1 /root]$ su - root ← cannot switch even if the password is entered correctly

Password:

su: incorrect password

5. Add the user to the wheel group and try to switch again. The switch now succeeds.

[root@qdata-rac1 ~]$ usermod -aG wheel oracle ← adds the ordinary user oracle to the administrators group wheel (-a appends, so oracle keeps its other supplementary groups; -G alone would replace them)

[oracle@qdata-rac1 ~]# su - oracle

[oracle@qdata-rac1 /root]$ su - root ← at this point the switch succeeds.

Password:
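
To audit the result of the steps above without testing passwords by hand, the following added example (not part of the original article) checks whether a PAM su file has an active pam_wheel rule and whether a given user is in the enforced group. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample files are constructed for illustration.

# Print the group enforced by an active "auth required pam_wheel.so" rule in
# the PAM file $1; return 1 if the rule is absent or commented out.
pam_wheel_group() {
    awk '
        /^[ \t]*#/ { next }                    # commented-out rules do not count
        $1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ {
            grp = "wheel"                      # default group name without group=
            for (i = 4; i <= NF; i++)
                if ($i ~ /^group=/) grp = substr($i, 7)
            print grp; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Print the comma-separated member list of group $1 from group file $2.
# Only field 4 is read, so users whose primary group is $1 are not listed.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# Succeed if user $1 would pass the wheel check (PAM file $2, group file $3).
may_su_to_root() {
    pam_wheel_group "$2" >/dev/null || return 0   # no active rule: su is unrestricted
    group_members "$(pam_wheel_group "$2")" "$3" | tr ',' '\n' | grep -qxF -- "$1"
}

# Constructed sample files: rule enabled, rule commented out, and a group file.
write_samples() {
    printf '%s\n' 'auth sufficient pam_rootok.so' \
        'auth required pam_wheel.so group=wheel' > "$1/su.on"
    printf '%s\n' 'auth sufficient pam_rootok.so' \
        '# auth required pam_wheel.so group=wheel' > "$1/su.off"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:oracle' 'dba:x:501:oracle,grid' > "$1/group"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for pam in su.on su.off; do
    for user in oracle grid; do
        if may_su_to_root "$user" "$demo_dir/$pam" "$demo_dir/group"
        then echo "$pam $user: allowed"; else echo "$pam $user: denied"; fi
    done
done
rm -rf "$demo_dir"
```

On a live host, pass /etc/pam.d/su and /etc/group to may_su_to_root; rules pulled in through PAM include lines are not followed by this check.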
