Allow only members of Wheel group to use su command on RHEL/CentOS
In this tutorial we will learn how to allow only members of the wheel group to use the su command. This means only members of the wheel group can switch to another user by using su. On Red Hat based operating systems, wheel is a special administrative group.
To allow only members of the wheel group to use the su command, follow the steps given below.
In this method, we will edit the PAM file.
Step 1: Add users to the wheel group by using the usermod command. Select only those users which you want to allow to use the su command.
Syntax:
    usermod -a -G wheel username
For example, we are adding the user sharad to the group called wheel:
    [root@localhost ~]# usermod -a -G wheel sharad
    [root@localhost ~]# id sharad
    uid=500(sharad) gid=500(sharad) groups=500(sharad),10(wheel)
    [root@localhost ~]#
Step 2: Edit the /etc/pam.d/su file. We suggest you also take a backup of the /etc/pam.d/su file on your Desktop or at some other path on the system.
Taking a backup of the /etc/pam.d/su file:
    cp -p /etc/pam.d/su /root/etc-pamd-su
Editing the /etc/pam.d/su file
Uncomment the line given below in /etc/pam.d/su:
    auth required pam_wheel.so use_uid
See the screenshot given below of /etc/pam.d/su after editing.
Reference: /etc/pam.d/su file edited in operating system CentOS 6.5.
In the section given below, the user called test is not able to use the su command. The reason is that user test is not a member of the wheel group.
    [test@localhost ~]$ id test
    uid=501(test) gid=501(test) groups=501(test)
    [test@localhost ~]$
    [test@localhost ~]$ su
    Password:
    su: incorrect password
    [test@localhost ~]$
    [test@localhost ~]$ su -l sharad
    Password:
    su: incorrect password
    [test@localhost ~]$
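To confirm that Step 2 enabled the intended line, the following audit script is an added example and not part of the original tutorial. It checks a copy of the PAM file for the active "auth required pam_wheel.so use_uid" line and lists the wheel members from a group file. The function names su_wheel_enforced and wheel_members and the sample files are constructed for illustration.

```shell
#!/bin/sh
# su_wheel_enforced FILE: exit 0 only if FILE has an active (uncommented)
# "auth required pam_wheel.so ... use_uid" line, the line from Step 2.
# The stock file also carries a commented "auth sufficient pam_wheel.so trust
# use_uid" line; enabling that one lets wheel members su without a password,
# so it is deliberately not counted as enforcement.
su_wheel_enforced() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ {
            for (i = 4; i <= NF; i++) if ($i == "use_uid") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# wheel_members GROUPFILE: print wheel's supplementary members, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Constructed sample files (not copied from a real host).
demo=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' \
    'auth  sufficient  pam_rootok.so' \
    '#auth sufficient  pam_wheel.so trust use_uid' \
    '#auth required    pam_wheel.so use_uid' \
    'auth  include     system-auth' > "$demo/su.before"
sed 's/^#\(auth required .*pam_wheel\.so use_uid\)/\1/' \
    "$demo/su.before" > "$demo/su.after"
sed 's/^#\(auth sufficient .*pam_wheel\.so trust\)/\1/' \
    "$demo/su.before" > "$demo/su.wrongline"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,sharad' 'test:x:501:' > "$demo/group"

for f in before after wrongline; do
    if su_wheel_enforced "$demo/su.$f"; then s=enforced; else s="NOT enforced"; fi
    echo "su.$f: $s"
done
echo "wheel members: $(wheel_members "$demo/group" | tr '\n' ' ')"
```

On a real host, call the functions with /etc/pam.d/su and /etc/group. Users whose primary group is wheel do not appear in the member field of the group file.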