1 Create an admin user.
[root@dlp ~]#useradd cent
[root@dlp ~]#passwd cent
Changing password for user cent.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@dlp ~]#exit
2 Log in as the user added above and try switching to root.
dlp login:cent
password:
[cent@dlp ~]$su -
Password:
[root@dlp ~]#
[root@dlp ~]#useradd cent
[root@dlp ~]#passwd cent
Changing password for user cent.
New UNIX password:
# set password
# Confirm
[root@dlp ~]#exit
# logout
dlp login:cent
# input user name
# password
# switch to root
# root password
# just switched to root
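3 Restrict switching to root so that only an administrative user ('cent' in this example) can do it.
Note: usermod -G replaces the user's whole supplementary group list; use -aG instead if the account already belongs to other groups that must be kept.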
[root@dlp ~]#usermod -G wheel cent
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
[root@dlp ~]#vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
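# uncomment the following line
# (keep the current root session open until su has been tested from a second login, so a mistake in this file cannot lock you out of root)
auth required pam_wheel.so use_uid
auth include system-auth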
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
4 Forward email addressed to root to the administrative user set up above.
[root@dlp ~]#vi /etc/aliases
# Person who should get root's mail
# last line: uncomment and change to a user
root:cent
[root@dlp ~]#newaliases # Configuration change