[root@SERVER /bin]$ ls -atl /bin/su
-rwsr-xr-x 1 root root 74651 4월 11 2006 /bin/su
[root@SERVER /bin]$ ls -al /bin/su
-rwsr-xr-x 1 root root 74651 4월 11 2006 /bin/su
[root@SERVER /bin]$ chmod 4750 /bin/su
[root@SERVER /bin]$ ls -al /bin/su
-rwsr-x--- 1 root root 74651 4월 11 2006 /bin/su
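--- /bin/su 에는 setuid(s) 권한이 있어야 함. chgrp 를 실행하면 setuid 비트가 해제되므로(아래 chgrp 뒤의 -rwxr-x--- 출력 참고) chgrp 이후에 다시 설정해야 한다. chmod +s 는 setgid 비트까지 함께 설정하므로(-rwsr-s--- 출력), setuid 만 필요하면 chmod 4750 을 다시 적용한다.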
[root@SERVER /bin]$ chmod +s /bin/su
[root@SERVER /bin]$ ls -al /bin/su
-rwsr-s--- 1 root wheel 74651 4월 11 2006 /bin/su
[root@SERVER /bin]$ chgrp wheel /bin/su
[root@SERVER /bin]$ ls -al /bin/su
-rwxr-x--- 1 root wheel 74651 4월 11 2006 /bin/su
[root@SERVER /bin]$ cd /etc/pam.d/
[root@SERVER /etc/pam.d]$ ls -al /etc/pam.d/su
-rw-r--r-- 1 root root 936 4월 11 2006 /etc/pam.d/su
[root@SERVER /etc/pam.d]$ vi /etc/pam.d/su
(파일을 수정하여 아래 내용을 추가한다.)
해당 줄의 주석을 제거하면 wheel 그룹에 속한 계정만 su 명령어를 사용할 수 있다. 아래 cat 출력에는 use_uid 줄만 적용되어 있다.
auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_wheel.so allow group=wheel
[root@SERVER /etc/pam.d]$ cat /etc/pam.d/su
#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_stack.so service=system-auth
account required /lib/security/$ISA/pam_stack.so service=system-auth
password required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session required /lib/security/$ISA/pam_selinux.so close
session required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session required /lib/security/$ISA/pam_selinux.so open
session optional /lib/security/$ISA/pam_xauth.so
/etc/group 파일의 wheel 그룹에 su 를 허용할 사용자 계정 추가하기 (계정은 공백 없이 쉼표로 구분)
wheel:x:10:root,user1,user2