From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Epiphanov Sergei To: ALT Linux Sisyphus discussion list Subject: Re: [sisyphus] =?koi8-r?b?0M/MydTJy8E=?= =?koi8-r?b?IMLF2s/QwdPOz9PUyQ==?= Date: Fri, 18 Nov 2005 15:35:05 +0300 User-Agent: KMail/1.8.1 References: <437DC87E.7090107@ukr.net> In-Reply-To: <437DC87E.7090107@ukr.net> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200511181535.05170.serpiph@nikiet.ru> Cc: X-BeenThere: sisyphus@lists.altlinux.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ALT Linux Sisyphus discussion list List-Id: ALT Linux Sisyphus discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Nov 2005 12:32:27 -0000 Archived-At: List-Archive: List-Post: В сообщении от Friday 18 November 2005 15:26 Serge написал(a): > Доброго дня всем. > Подскажите, как корректно настроить политику безопасности, чтоб > локальному юзеру можно было выполнять su, sudo, etc... > > конкретизирую проблему: > $ su - > -bash: /bin/su: Permission denied > > $ ls -al /bin/su > -rws--x--- 1 root wheel 18960 Окт 4 18:33 /bin/su > > $ id > uid=500(user1) gid=500(user1) > группы=0(root),19(proc),22(cdrom),80(cdwriter),81(audio),83(radio),500(use >r1),504(wheel) > > # cat su > #%PAM-1.0 > auth sufficient pam_rootok.so > # Uncomment the following line to implicitly trust users in the "wheel" > group. > #auth sufficient pam_wheel.so debug use_uid group=wheel trust > # Uncomment the following line to require a user to be in the "wheel" > group. #auth required pam_wheel.so debug use_uid group=wheel > # Uncomment the following line to implicitly trust users with same user > id. #auth sufficient pam_sameuid.so debug > auth include system-auth > account include system-auth > password required pam_deny.so > session include system-auth > session optional pam_xauth.so man control -- С уважением, Епифанов Сергей