[1] | Create an admin user. |
[root@dlp ~]#
useradd fermi
[root@dlp ~]# passwd fermi
Changing password for user fermi. # set password
Retype new UNIX password: # Confirm
passwd: all authentication tokens updated successfully. # logout
|
[2] | Try to switch to a user that was added above. |
dlp login:
fermi
# input user name
password: # password
[fermi@dlp ~]$ su –
# switch to root
Password: # root password
[root@dlp ~]# # just switched to root
|
[3] | Make a user (it’s ‘fermi’ in this example) be only a user who can switch to root as an administration user. |
[root@dlp ~]#
vi /etc/group
# line 11: add user name
wheel:x:10:root ,fermi
[root@dlp ~]# vi /etc/pam.d/su
#%PAM-1.0 sufficient
pam_rootok.so
# Uncomment the following line to implicitly trust users in the “wheel” group. sufficient
pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the “wheel” group. # uncomment the following line
auth required
pam_wheel.so use_uid
auth include
system-auth
account sufficient
pam_succeed_if.so uid = 0 use_uid quiet
account include
system-auth
password include
system-auth
session include
system-auth
session optional
pam_xauth.so
|
Forwarding email for root to administration user
|
[4] | Configure that forwarding emails for root to administration user you set above. |
[root@dlp ~]#
vi /etc/aliases
# Person who should get root’s mail
# last line: uncomment and change to a user
root:
fermi
[root@dlp ~]#
# Configuration change
Advertisements