问题现象
使用su命令时输入密码后提示权限限制,确认密码是正确的
su root
Password:
su: permission denied
解决办法
改变用户分组,将用户添加进wheel分组
#语法
# usermod [-G] [GroupName] [UserName]
usermod -G wheel username
修改/etc/pam.d/su
vim /etc/pam.d/su
原文件如下
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
修改如下图选中行,注释掉
原因分析
PAM(Pluggable Authentication Modules)负责系统中很多应用程序的登录认证,安全设置问题
附录
查看用户当前分组
#语法
# id username
id user1
#执行结果如下
uid=1008(user1) gid=1008(user1) groups=1008(user1),1012(mygroup)