Difference between revisions of "Redhat7:privileges"

 
Line 5: Line 5:
 
Given the root prompt, the user becomes the root user and has all privileges of the root user.  The root user hbas the authority to change users and settings across the system without requiring a password.
 
Given the root prompt, the user becomes the root user and has all privileges of the root user.  The root user hbas the authority to change users and settings across the system without requiring a password.
  
Given the level of access available from the root user, such rights shoudl be restricted to specific users. The simplest way to achive this is to add those users who should have access to a speical group called 'wheel', and can be done using the user commands.
+
Given the level of access available from the root user, such rights should be restricted to specific users. The simplest way to achieve this is to add those users who should have access to a special group called 'wheel', and can be done using the user commands.
  
 
<syntaxhighlight>
 
<syntaxhighlight>
 
usermod -G wheel <username>
 
usermod -G wheel <username>
 +
</syntaxhighlight>
 +
 +
After you add the desired users to the wheel group, it is advisable to only allow these specific users to use the <tt>su</tt> command. To do this, edit the PAM configuration file for <tt>s</tt>u, <tt>/etc/pam.d/su</tt>. Open this file in a text editor and uncomment the following line by removing the # character:
 +
 +
<syntaxhighlight>
 +
#auth          required        pam_wheel.so use_uid
 
</syntaxhighlight>
 
</syntaxhighlight>
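Review bot: the `usermod -G wheel <username>` line that this revision keeps unchanged sets the user's supplementary group list to wheel alone, rather than adding wheel to it; `usermod -aG wheel <username>` adds the group without dropping the user's other memberships. In the added PAM paragraph, `<tt>s</tt>u` should read `<tt>su</tt>`, and the unchanged paragraph above still contains the typo "hbas" while the neighbouring typos were corrected.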

Latest revision as of 11:08, 23 February 2015

The SU Command

When a user runs the su command, they are asked for the root password. Once the password is given, they are presented with a root shell.

Given the root prompt, the user becomes the root user and has all privileges of the root user. The root user has the authority to change users and settings across the system without requiring a password.

Given the level of access available to the root user, such rights should be restricted to specific users. The simplest way to achieve this is to add the users who should have access to a special group called 'wheel', which can be done with the user management commands. The -a option appends the group, so the user's existing supplementary groups are kept:

usermod -aG wheel <username>

After you add the desired users to the wheel group, it is advisable to only allow these specific users to use the su command. To do this, edit the PAM configuration file for su, /etc/pam.d/su. Open this file in a text editor and uncomment the following line by removing the # character:

#auth           required        pam_wheel.so use_uid
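
To confirm that both steps above took effect, the following added example (not part of the original wiki page) checks a PAM su file for an active pam_wheel line and lists the wheel members from a group file. The function names `pam_wheel_enforced`, `wheel_members` and `su_policy_status` are hypothetical, and the paths are parameters so the checks can be run against copies of the files.

```shell
#!/bin/sh
# Added example: audit the su restriction described above.
# Usage: su_policy_status /etc/pam.d/su /etc/group

# Succeeds if an uncommented "auth required pam_wheel.so ... use_uid" line exists.
pam_wheel_enforced() {
    pam_file=${1:-/etc/pam.d/su}
    awk '
        /^[ \t]*#/ { next }    # line is still commented out
        $1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ {
            for (i = 4; i <= NF; i++) if ($i == "use_uid") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$pam_file"
}

# Prints the supplementary members of wheel, one per line, from a group(5) file.
wheel_members() {
    group_file=${1:-/etc/group}
    awk -F: '$1 == "wheel" && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$group_file"
}

# Prints a one-word verdict:
#   open        pam_wheel is not active, so su is not limited to wheel
#   no-members  pam_wheel is active but wheel lists no supplementary members
#   restricted  pam_wheel is active and wheel has members
su_policy_status() {
    if ! pam_wheel_enforced "$1"; then
        echo "open"
    elif [ -z "$(wheel_members "$2")" ]; then
        echo "no-members"
    else
        echo "restricted"
    fi
}
```

The member list only covers supplementary membership recorded in the group file; accounts that have wheel as their primary group are not reported by this check.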