Category: LINUX

2008-10-08 11:49:42

  
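   By default, any ordinary user who knows the root password can use the su command to obtain root privileges and perform any operation on the system. To harden the system, Linux provides an administrators group: only users who belong to this group can use su to obtain root privileges. This group is usually wheel.
   Restricting root access to members of the wheel group takes two steps:

    1. Add the user to the wheel group (-a appends, so the user's other supplementary groups are kept): usermod -aG wheel username
    2. Edit /etc/pam.d/su and add:
        auth required pam_wheel.so use_uid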


The wheel group is a legacy from UNIX. When a server had to be maintained at a higher level than the day-to-day system administrator, root rights were often required. The 'wheel' group was used to create a pool of user accounts that were allowed to get that level of access to the server. If you weren't in the 'wheel' group, you were denied access to root. I'll show a couple of ways to use membership of 'wheel' to limit the amount of havoc you can wreak on your system.
Most modern-day Linux distros still use this concept of grouping people to assign different levels of administrative access, but to my knowledge the 'wheel' group is not necessarily used for that purpose. I like to be old-fashioned from time to time, and so I resurrected the use of 'wheel'. Add yourself to wheel when creating your account (use 'wheel' as your primary group) or use vigr to edit the file /etc/group and put your name at the end of the line starting with wheel - like this:

wheel::10:root,alien

The vigr command is a safe way of editing the group file in a multi-user environment. Of course, if there's no one working on your box except yourself, you might just as well use plain vi.
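
The two steps above can be verified after the fact. The following script is an added example, not part of the original post: it checks a PAM su file for an active pam_wheel.so line and lists the wheel members from a group file. The function names and the sample su file are constructed for illustration; the group line is the one shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): check both steps described above.

# Succeeds if PAM file $1 has an active "auth required pam_wheel.so" line.
# A commented-out line has "#auth" or "#" as its first field, so it never matches.
pam_wheel_required() {
    awk '$1 == "auth" && $2 == "required" &&
         ($3 == "pam_wheel.so" || $3 ~ /\/pam_wheel\.so$/) { ok = 1 }
         END { exit !ok }' "$1"
}

# Prints the member list (4th field) of the wheel entry in group(5) file $1.
# Users who have wheel as their primary group are not listed in that field.
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

# audit_su PAM_FILE GROUP_FILE: report the state; non-zero if su is not limited.
audit_su() {
    if pam_wheel_required "$1"; then
        echo "OK: su limited to wheel (members: $(wheel_members "$2"))"
    else
        echo "WARN: no active 'auth required pam_wheel.so' line in $1"
        return 1
    fi
}

# Constructed sample files: the pam_wheel line is present but commented out.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'auth sufficient pam_rootok.so' \
              '#auth required pam_wheel.so use_uid' \
              'auth include system-auth' > "$demo_dir/su"
printf '%s\n' 'root::0:root' 'wheel::10:root,alien' > "$demo_dir/group"

audit_su "$demo_dir/su" "$demo_dir/group" || true   # WARN: line is commented out
# Step 2 from the post: activate the line, then check again.
sed 's/^#auth required pam_wheel/auth required pam_wheel/' \
    "$demo_dir/su" > "$demo_dir/su.fixed"
audit_su "$demo_dir/su.fixed" "$demo_dir/group"     # OK
```

On a real system, call audit_su /etc/pam.d/su /etc/group instead of the constructed files.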
