| [1] | Create an admin user. |
|
[root@dlp ~]#
useradd cent
[root@dlp ~]#
passwd cent
Changing password for user cent. New UNIX password:
# set password
Retype new UNIX password:
# Confirm
passwd: all authentication tokens updated successfully. [root@dlp ~]#
# logout
|
| [2] | Try to switch to a user that was added above. |
|
dlp login:
cent
# input user name
password:
# password
[cent@dlp ~]$
su -
# switch to root
Password:
# root password
[root@dlp ~]#
# just switched to root
|
| [3] | Make a user (it's 'cent' in this example) be only a user who can switch to root as an administration user. |
|
[root@dlp ~]#
vi /etc/group
# line 11: add user name
wheel:x:10:root
,cent
[root@dlp ~]#
#%PAM-1.0
vi /etc/pam.d/su
auth
sufficient
pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group. #auth
sufficient
pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
# uncomment the following line
auth
required
pam_wheel.so use_uid
auth
include
system-auth
account
sufficient
pam_succeed_if.so uid = 0 use_uid quiet
account
include
system-auth
password
include
system-auth
session
include
system-auth
session
optional
pam_xauth.so
|
|
Forwarding email for root to administration user
|
| [4] | Configure that forwarding emails for root to administration user you set above. |
[root@dlp ~]#
vi /etc/aliases
# Person who should get root's mail
root:
[root@dlp ~]#
# last line: uncomment and change to a user
root:
cent
# Configuration change
Post a Comment