## 71. Access management - pam.d - su
### /etc/pam.d/su configuration
```
# Edit
vi /etc/pam.d/su
```
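### /etc/pam.d/su configuration details
Change the highlighted line (the `auth required pam_wheel.so` line, which takes `root_only` in place of the default `use_uid`).
Only users in the wheel group are allowed to elevate to the root user with su.
If you log in as a user in the wheel group and then use the su command to become a wheel-group user, it is not permitted (NG).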
```
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so root_only
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
```
[[http://wordpress.honobono-life.info/security/suコマンドによるrootへのスイッチを制限する/|http://wordpress.honobono-life.info/security/suコマンドによるrootへのスイッチを制限する/]]
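To confirm the edit took effect, the following added example (not part of the original page) parses the active `pam_wheel.so` auth lines of a PAM service file and reports which options are set. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report how pam_wheel.so is
# wired into the auth stack of a PAM service file such as /etc/pam.d/su.
# Usage: audit_su_pam /etc/pam.d/su      (or pipe the file on stdin)
# Exit status 0 = an active required/requisite pam_wheel.so line exists.
audit_su_pam() {
    awk '
        BEGIN { required = root_only = use_uid = trust = "no" }
        # Skip comments, non-auth lines and modules other than pam_wheel.so.
        $1 ~ /^#/ || $1 != "auth" || $3 !~ /(^|\/)pam_wheel\.so$/ { next }
        {
            enforcing = ($2 == "required" || $2 == "requisite")
            if (enforcing) required = "yes"
            for (i = 4; i <= NF; i++) {
                if (enforcing && $i == "root_only") root_only = "yes"
                if (enforcing && $i == "use_uid")   use_uid = "yes"
                # "sufficient ... trust" lets wheel members su without a password.
                if ($2 == "sufficient" && $i == "trust") trust = "yes"
            }
        }
        END {
            printf "required=%s root_only=%s use_uid=%s trust=%s\n",
                   required, root_only, use_uid, trust
            exit (required == "yes" ? 0 : 1)
        }
    ' "$@"
}

# Constructed sample: the auth lines of the modified file shown on this page.
sample_su_auth() {
    cat <<'EOF'
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_rootok.so
#auth sufficient pam_wheel.so trust use_uid
auth required pam_wheel.so root_only
auth substack system-auth
EOF
}

sample_su_auth | audit_su_pam
```

Per pam_wheel(8), without `use_uid` the membership check is made against the original login user rather than the current uid, so a `use_uid=no` result on a required line means the login account itself must be in wheel.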
### Initial value
```
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
```