From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <serpiph@nikiet.ru>
From: Epiphanov Sergei <serpiph@nikiet.ru>
To: ALT Linux Sisyphus discussion list <sisyphus@altlinux.org>
Subject: Re: [sisyphus] =?koi8-r?b?0M/MydTJy8E=?=
	=?koi8-r?b?IMLF2s/QwdPOz9PUyQ==?=
Date: Fri, 18 Nov 2005 15:35:05 +0300
User-Agent: KMail/1.8.1
References: <437DC87E.7090107@ukr.net>
In-Reply-To: <437DC87E.7090107@ukr.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200511181535.05170.serpiph@nikiet.ru>
Cc: 
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2005 12:32:27 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/200511181535.05170.serpiph@nikiet.ru/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

В сообщении от Friday 18 November 2005 15:26 Serge написал(a):
> Доброго дня всем.
> Подскажите, как корректно настроить политику безопасности, чтоб
> локальному юзеру можно было выполнять su, sudo, etc...
>
> конкретизирую проблему:
> $ su -
> -bash: /bin/su: Permission denied
>
> $ ls -al /bin/su
> -rws--x--- 1 root wheel 18960 Окт  4 18:33 /bin/su
>
> $ id
> uid=500(user1) gid=500(user1)
> группы=0(root),19(proc),22(cdrom),80(cdwriter),81(audio),83(radio),500(use
>r1),504(wheel)
>
> # cat su
> #%PAM-1.0
> auth     sufficient     pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel"
> group.
> #auth     sufficient    pam_wheel.so debug use_uid group=wheel trust
> # Uncomment the following line to require a user to be in the "wheel"
> group. #auth     required      pam_wheel.so debug use_uid group=wheel
> # Uncomment the following line to implicitly trust users with same user
> id. #auth     sufficient    pam_sameuid.so debug
> auth     include        system-auth
> account  include        system-auth
> password required       pam_deny.so
> session  include        system-auth
> session  optional       pam_xauth.so

man control

-- 
С уважением, Епифанов Сергей