分类: LINUX
2008-10-08 11:49:42
1、将用户添加只wheel组:usermod -G wheel username
2、修改/etc/pam.d/su, 添加
auth required pam_wheel.so use_uid
The wheel group is a legacy from UNIX. When a server
had to be maintained at a higher level than the day-to-day system
administrator, root rights were often required. The 'wheel' group was
used to create a pool of user accounts that were allowed to get that
level of access to the server. If you weren't in the 'wheel' group, you
were denied access to root. I'll show a couple of ways to use
membership of 'wheel' to limit the amount of havoc you can wreck on
your system.
Most modern-day Linux distro's still use this concept of grouping
people to assign different levels of administrative access, but to my
knowledge the 'wheel' group is not necessarily used to that purpose. I
like to be old-fashioned from time to time, and so I resurrected the
use of 'wheel'. Add yourself to wheel when creating your account (use
'wheel' as your primary group) or use vigr to edit the file /etc/group and put your name to the end of the line starting with wheel - like this:
wheel::10:root,alien
The vigr command is a safe way of editing the group
file in a multi-user environment. Of course, if there's no one working
on your box except yourself, you might just as well use plain vi.
