三歩あるけば物も忘れる (Three Steps and I Forget Things)


71. Access Control - pam.d-su

/etc/pam.d/su configuration

# Change
vi /etc/pam.d/su

/etc/pam.d/su configuration details

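Change the highlighted line: the auth required pam_wheel.so line, where use_uid is replaced with root_only.
Only users in the wheel group are allowed to elevate to the root user with su.
Logging in as a wheel group user and then using the su command to become a wheel group user is not allowed.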

#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so root_only
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

http://wordpress.honobono-life.info/security/suコマンドによるrootへのスイッチを制限する/

Default values

#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so
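
An added audit example, not part of the original page: it parses a pam.d file and reports how pam_wheel.so gates su, so the modified and default files above can be compared. Per pam_wheel(8), root_only applies the group check only when the target user is root, and use_uid checks the real uid of the calling process instead of the login-session user. The names parse_pam, audit_su_wheel and the report keys are assumptions of this example, and MODIFIED is a constructed excerpt of the modified file.

```python
import re

# One PAM rule: type, control (plain word or [bracketed list]), module, arguments.
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample: the auth lines of the modified /etc/pam.d/su shown on this page.
MODIFIED = """\
#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
#auth           sufficient      pam_wheel.so trust use_uid
auth            required        pam_wheel.so root_only
auth            substack        system-auth
"""

def parse_pam(text):
    """Return (type, control, module, args) for every active (uncommented) rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if m:
            module = m.group(3).rsplit("/", 1)[-1]   # accept absolute module paths
            rules.append((m.group(1).lstrip("-"), m.group(2), module, m.group(4).split()))
    return rules

def audit_su_wheel(text):
    """Summarise how pam_wheel gates su in the auth stack of a pam.d file."""
    report = {"restricted": False, "root_only": False, "use_uid": False,
              "passwordless": False, "group": "wheel"}
    for typ, control, module, args in parse_pam(text):
        if typ != "auth" or module != "pam_wheel.so":
            continue
        if control == "sufficient" and "trust" in args:
            report["passwordless"] = True      # group members skip the password prompt
        elif control in ("required", "requisite") and "deny" not in args:
            report["restricted"] = True        # non-members fail this rule
            report["root_only"] = "root_only" in args
            report["use_uid"] = "use_uid" in args
            for a in args:
                if a.startswith("group="):     # group other than wheel
                    report["group"] = a[len("group="):]
    return report

if __name__ == "__main__":
    # On a real host, pass open("/etc/pam.d/su").read() instead of the sample.
    print(audit_su_wheel(MODIFIED))
```

A report with restricted set to False means no active required pam_wheel.so rule was found, and passwordless set to True means the trust line has been uncommented.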

InfrastructureConstruction/RHEL8/AccessControl-pam.d-su.txt · Last modified: 2022/05/27 by 127.0.0.1