|
Set Admin User
2011/03/05 |
| [1] | If you set root password and activated the root during installation, configure settings to limit users who switch to root. |
|
root@dlp:~# vi /etc/group # line 5: add users you allow to switch to root adm:x:4: root,squeeze root@dlp:~# vi /etc/pam.d/su # line 15: uncomment and add the follows auth required pam_wheel.so group=adm
|
| [2] | Try to switch to root from a user you set to allow. |
|
root@dlp:~# su - squeeze # switch to a user squeeze@dlp:~$ su - # switch to root Password: root@dlp:~# # normally done |
| [3] | Add a test user and try to confirm the user can not switch to root. |
|
root@dlp:~# adduser testuser # add test user Adding user `test' ... Adding new group `test' (1001) ... Adding new user `test' (1001) with group `test' ... Creating home directory `/home/test' ... Copying files from `/etc/skel' ... Enter new UNIX password: # set password Retype new UNIX password: # confirm passwd: password updated successfully Changing the user information for test Enter the new value, or press ENTER for the default Full Name []: test # input the name Room Number []: testuser # input any one Work Phone []: # input any one(it's Ok with empty) Home Phone []: # input any one(it's Ok with empty) Other []: # input any one(it's Ok with empty) Is the information correct? [y/N] y root@dlp:~# su - testuser # switch to the user testuser@dlp:~$ su - # switch to root Password: su: Permission denied testuser@dlp:~$ # normally access denied |