入门
在一次处理su切换的问的时候出现一个问题,
[cheng1@localhost ~]$ su cheng2 密码: su: 鉴定故障 [cheng1@localhost ~]$
试过很多次, 也是这样, 还找了很多文章, 那些哥们说的基本都是加sudo, 当然, 没效果。
后来查着查着发现su有一个wheel组和/etc/pam.d/su, 呃...
先看一下/etc/pam.d/su长什么样子
[root@localhost home]# cat -n /etc/pam.d/su
1 #%PAM-1.0
2 auth sufficient pam_rootok.so
3 # Uncomment the following line to implicitly trust users in the "wheel" group.
4 auth sufficient pam_wheel.so trust use_uid
5 # Uncomment the following line to require a user to be in the "wheel" group.
6 #auth required pam_wheel.so use_uid
7 auth substack system-auth
8 auth include postlogin
9 account sufficient pam_succeed_if.so uid = 0 use_uid quiet
10 account include system-auth
11 password include system-auth
12 session include system-auth
13 session include postlogin
14 session optional pam_xauth.so
[root@localhost home]#
第四行, 这家伙搞的鬼
下面引入Jan哥的一篇文章(非原创):Linux 中的 wheel 组和 staff 组
看了这个一切都明白了
就是服务器限制了su使用权限, 没办法, 也不能直接取消这个配置, 那么就直接把需要su的账号扔进wheel组里面
[root@localhost home]# usermod -G wheel cheng1 [root@localhost home]#
是G不是g, G是追加一个组, 而g是直接修改组, 区别很大
然后就一步达成了
[cheng1@localhost ~]$ su cheng2 [cheng2@localhost cheng1]$
区别出来了
[root@localhost home]# id cheng1 && id cheng2 uid=1002(cheng1) gid=1002(cheng1) 组=1002(cheng1),10(wheel) uid=1003(cheng2) gid=1003(cheng2) 组=1003(cheng2)