Este conteúdo não está disponível no idioma selecionado.

Chapter 4. Gaining Privileges


System administrators (and in some cases users) will need to perform certain tasks with administrative access. Accessing the system as root is potentially dangerous and can lead to widespread damage to the system and data. This chapter covers ways to gain administrative privileges using the su and sudo programs. These programs allow specific users to perform tasks which would normally be available only to the root user while maintaining a higher level of control and system security.
See the Red Hat Enterprise Linux 6 Security Guide for more information on administrative controls, potential dangers and ways to prevent data loss resulting from improper use of privileged access.

4.1. The su Command

When a user executes the su command, they are prompted for the root password and, after authentication, are given a root shell prompt.
Once logged in via the su command, the user is the root user and has absolute administrative access to the system[1]. In addition, once a user has become root, it is possible for them to use the su command to change to any other user on the system without being prompted for a password.
Because this program is so powerful, administrators within an organization may want to limit who has access to the command.
One of the simplest ways to do this is to add users to the special administrative group called wheel. To do this, type the following command as root:
~]# usermod -a -G wheel username
In the previous command, replace username with the user name you want to add to the wheel group.
You can also use the User Manager to modify group memberships, as follows. Note: you need Administrator privileges to perform this procedure.
  1. Click the System menu on the Panel, point to Administration and then click Users and Groups to display the User Manager. Alternatively, type the command system-config-users at a shell prompt.
  2. Click the Users tab, and select the required user in the list of users.
  3. Click Properties on the toolbar to display the User Properties dialog box (or choose Properties on the File menu).
  4. Click the Groups tab, select the check box for the wheel group, and then click OK.
See Section 3.2, “Managing Users via the User Manager Application” for more information about the User Manager.
After you add the desired users to the wheel group, it is advisable to only allow these specific users to use the su command. To do this, you will need to edit the PAM configuration file for su: /etc/pam.d/su. Open this file in a text editor and remove the comment (#) from the following line:
#auth           required        pam_wheel.so use_uid
This change means that only members of the administrative group wheel can switch to another user using the su command.

Note

The root user is part of the wheel group by default.


[1] This access is still subject to the restrictions imposed by SELinux, if it is enabled.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.