In general, the average user can log on as the root user to configure the system at the administrator level by executing the "Su-" command and entering the correct root password.
However, in order to further enhance the security of the system, it is necessary to establish a group of administrators, only allow users of this group to execute the "Su-" command to log on as the root user, and let other groups of users even if the "Su-", entered the correct root password, can not log into the root user. Under UNIX and Linux, the name of this group is usually "wheel".
1: Add a user
[Email protected] ~]# Useradd Dongee
[Email protected] ~]# passwd Dongee
2: Add Dongee user to Wheel Group:
[[email protected] ~]# usermod-g wheel dongee← Add the general user Dongee in the Administrators group wheel Group
3: Modify the/ETC/PAM.D/SU configuration
[[email protected] ~]# vi/etc/pam.d/su← Open this configuration file
#auth Required pam_wheel.so use_uid← Find this trip, remove the "#" from the beginning of the line
4: Modify the/etc/login.defs file
[[email protected] ~]# echo "su_wheel_only yes" >>/etc/login.defs← add statement to the end of the line after the completion of the operation, you can create a new user, and then use this new user test will find that Users who are not joined to the wheel group, execute the "Su-" command and cannot log in as root even if the correct root password is entered.
This article is from the "Baby God" blog, make sure to keep this source http://babyshen.blog.51cto.com/8405584/1579084
Linux prohibits ordinary users from switching to the root user using Su