From: Epiphanov Sergei <serpiph@nikiet.ru>
To: ALT Linux Sisyphus discussion list <sisyphus@altlinux.org>
Subject: Re: [sisyphus] политика безопасности
Date: Fri, 18 Nov 2005 15:35:05 +0300
Message-ID: <200511181535.05170.serpiph@nikiet.ru> (raw)
In-Reply-To: <437DC87E.7090107@ukr.net>
В сообщении от Friday 18 November 2005 15:26 Serge написал(a):
> Доброго дня всем.
> Подскажите, как корректно настроить политику безопасности, чтоб
> локальному юзеру можно было выполнять su, sudo, etc...
>
> конкретизирую проблему:
> $ su -
> -bash: /bin/su: Permission denied
>
> $ ls -al /bin/su
> -rws--x--- 1 root wheel 18960 Окт 4 18:33 /bin/su
>
> $ id
> uid=500(user1) gid=500(user1)
> группы=0(root),19(proc),22(cdrom),80(cdwriter),81(audio),83(radio),500(use
>r1),504(wheel)
>
> # cat su
> #%PAM-1.0
> auth sufficient pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel"
> group.
> #auth sufficient pam_wheel.so debug use_uid group=wheel trust
> # Uncomment the following line to require a user to be in the "wheel"
> group. #auth required pam_wheel.so debug use_uid group=wheel
> # Uncomment the following line to implicitly trust users with same user
> id. #auth sufficient pam_sameuid.so debug
> auth include system-auth
> account include system-auth
> password required pam_deny.so
> session include system-auth
> session optional pam_xauth.so
man control
--
С уважением, Епифанов Сергей
next prev parent reply other threads:[~2005-11-18 12:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-18 12:26 Serge
2005-11-18 12:35 ` Epiphanov Sergei [this message]
2005-11-18 12:36 ` Epiphanov Sergei
2005-11-18 12:57 ` Serge
2005-11-18 14:52 ` Andrey Rahmatullin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200511181535.05170.serpiph@nikiet.ru \
--to=serpiph@nikiet.ru \
--cc=sisyphus@altlinux.org \
--cc=sisyphus@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git