|
|
发表于 2005-1-26 16:14:58
|
显示全部楼层
最好把该普通用户加入到wheel组,并确保/etc/pam.d/su设定大致如下(注意红色部分):
- #%PAM-1.0
- auth sufficient /lib/security/pam_rootok.so
- # If you want to restrict users begin allowed to su even more,
- # create /etc/security/suauth.allow (or to that matter) that is only
- # writable by root, and add users that are allowed to su to that
- # file, one per line.
- #auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
- [color=red]# Uncomment this to allow users in the wheel group to su without
- # entering a passwd.
- auth sufficient /lib/security/pam_wheel.so use_uid trust[/color]
- # Alternatively to above, you can implement a list of users that do
- # not need to supply a passwd with a list.
- #auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
- # Comment this to allow any user, even those not in the 'wheel'
- # group to su
- auth required /lib/security/pam_wheel.so use_uid
- auth required /lib/security/pam_stack.so service=system-auth
- account required /lib/security/pam_stack.so service=system-auth
- password required /lib/security/pam_stack.so service=system-auth
- session required /lib/security/pam_stack.so service=system-auth
- session required /lib/security/pam_env.so
- [color=red]session optional /lib/security/pam_xauth.so[/color]
|
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主