All Unix and Linux systems ship with different default policies. Usually these defaults don’t match the local policies, such as which users are allowed what kind of access to which resources, and when. In addition, security policies may require non-default authentication and/or logging.
A system administrator must examine the system’s configuration files and update them if necessary to enforce local policies. On modern systems PAM (Pluggable Authentication Modules) can be used to configure a wide range of security policies, including which databases to use to authenticate users, minimum password length, maximum login attempts, special permissions for console users (to various commands and devices), and many other policies.

wheel group policy

The wheel group enables us to define several system administrators, none of whom need the root password. The group wheel was first used this way in Unix systems, but by using PAM any system can enable this handy feature. With proper PAM configuration any member of group wheel can become root by using the su command without supplying any password.

Step by step:
1) Create a user who will work as a trusted user and assign a password to that user.
#useradd master
#passwd master
2) Add this user to the wheel group’s member list.
#usermod -a -G wheel master
or (without -a, this replaces the user’s existing supplementary groups with wheel alone)
#usermod -G wheel master
3) Edit the PAM configuration file for su, /etc/pam.d/su, and uncomment the line
auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
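This will treat users in the wheel group as trusted users. The trust option makes pam_wheel succeed for members of the wheel group, and because the line is marked sufficient, su then asks them for no password.
4) Now log in as user master and run the command
#su -
With this, the master user can su to root without supplying a password.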
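
With this setting, every account in wheel is equivalent to root, so it is worth checking who that covers. The script below is an added example, not part of the original post: it reports whether an uncommented pam_wheel.so line with trust is present and lists the wheel accounts. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who gains passwordless root through pam_wheel "trust".

# Exit 0 if FILE has an active (uncommented) auth line loading pam_wheel.so
# with the "trust" option. Commented lines have $1 = "#auth" or "#", so the
# $1 == "auth" test skips them.
wheel_trust_active() {
    awk '$1 == "auth" {
             mod = 0
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /pam_wheel\.so$/) mod = i
                 else if (mod && $i == "trust") found = 1
             }
         }
         END { exit !found }' "$1"
}

# Print every account in wheel: supplementary members from GROUP_FILE ($1)
# plus accounts in PASSWD_FILE ($2) whose primary GID is wheel's GID.
wheel_members() {
    gid=$(awk -F: '$1 == "wheel" { print $3 }' "$1")
    {
        awk -F: '$1 == "wheel" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
        awk -F: -v gid="$gid" 'gid != "" && $4 == gid { print $1 }' "$2"
    } | sort -u
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/su" <<'EOF'
auth sufficient pam_rootok.so
auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
#auth required /lib/security/$ISA/pam_wheel.so use_uid
EOF
printf 'root:x:0:\nwheel:x:10:master\n' > "$demo/group"
printf 'master:x:500:500::/home/master:/bin/sh\nbackup:x:501:10::/home/backup:/bin/sh\n' > "$demo/passwd"

if wheel_trust_active "$demo/su"; then
    echo "pam_wheel trust is active; passwordless su to root for:"
    wheel_members "$demo/group" "$demo/passwd"
else
    echo "pam_wheel trust is not active"
fi
```

On a real host, pass /etc/pam.d/su, /etc/group and /etc/passwd to the two functions instead of the sample files.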