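71. Access Control - pam.d-su
/etc/pam.d/su configuration
# Change
vi /etc/pam.d/su
/etc/pam.d/su configuration details
Change the highlighted line (the auth required pam_wheel.so line).
Only users in the wheel group are allowed to elevate to the root user with su.
Logging in as a wheel group user and then becoming a wheel group user with the su command is not allowed.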
#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so root_only
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so
http://wordpress.honobono-life.info/security/suコマンドによるrootへのスイッチを制限する/
Default values
#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so
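To confirm after editing that the pam_wheel restriction is really active and not left commented out, the following sh function reads a PAM file and reports what it finds. It is an added example, not part of the original page; the function name audit_su_wheel and its verdict words are assumptions made for illustration, and the sample input is constructed from the modified file above.

```shell
#!/bin/sh
# audit_su_wheel FILE -> prints a verdict and the pam_wheel options found:
#   restricted <opts>  active "auth required pam_wheel.so": non-members are refused
#   trusted <opts>     active "auth sufficient pam_wheel.so trust": members skip the password
#   open               no active pam_wheel line in the auth stack
# Assumption: controls are simple keywords (required, sufficient, ...), not [value=action].
audit_su_wheel() {
    awk '
        /^[[:space:]]*#/ || NF < 3 { next }        # comments, blank and short lines
        { type = $1; sub(/^-/, "", type) }         # "-auth" is a valid PAM type prefix
        type == "auth" && $3 ~ /pam_wheel\.so$/ {
            opts = ""; trust = 0
            for (i = 4; i <= NF; i++) {
                opts = opts " " $i
                if ($i == "trust") trust = 1
            }
            if ($2 == "sufficient" && trust)           trusted = "trusted" opts
            if ($2 == "required" || $2 == "requisite") restricted = "restricted" opts
        }
        END {
            if (trusted != "")         print trusted
            else if (restricted != "") print restricted
            else                       print "open"
        }
    ' "$1"
}

# Constructed sample: the auth section of the modified file shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth            required        pam_env.so
auth            sufficient      pam_rootok.so
#auth           sufficient      pam_wheel.so trust use_uid
auth            required        pam_wheel.so root_only
auth            substack        system-auth
EOF
audit_su_wheel "$sample"    # prints: restricted root_only
rm -f "$sample"
```

On a real host, call it as audit_su_wheel /etc/pam.d/su; a verdict of "open" means the required line is missing or still commented out.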
InfrastructureConstruction/RHEL8/AccessControl-pam.d-su.txt · Last modified: 2021/01/01 by 127.0.0.1