By default on RHEL 5, any user can use su to switch to another identity. For security, we can apply the following restriction:

1: Edit the file /etc/pam.d/su and change the original file as follows

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         optional        pam_xauth.so

2: Edit the /etc/group file and add the users who are allowed to run su to the wheel group
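
Added example (not part of the original page): a shell check that a copy of /etc/pam.d/su actually enforces the wheel restriction from step 1 and that lists the wheel members from step 2. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the su restriction. File paths are arguments so the
# checks can run against copies instead of the live files.

# Exit 0 only if an active (uncommented) "auth required pam_wheel.so" line
# exists and the "auth sufficient pam_wheel.so trust" variant is not enabled.
su_restricted() {
    awk '$1 == "auth" && $3 == "pam_wheel.so" {
             if ($2 == "required") enforced = 1
             if ($2 == "sufficient") {
                 for (i = 4; i <= NF; i++) if ($i == "trust") trusted = 1
             }
         }
         END { exit !(enforced && !trusted) }' "$1"
}

# Print the members listed for wheel in a group file, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" && $4 != "" {
                 n = split($4, m, ",")
                 for (i = 1; i <= n; i++) print m[i]
             }' "$1"
}

# Constructed sample files (not taken from a real host) so this runs offline.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/su" <<'EOF'
#%PAM-1.0
auth            sufficient      pam_rootok.so
#auth           sufficient      pam_wheel.so trust use_uid
auth            required        pam_wheel.so use_uid
auth            include         system-auth
EOF
    printf 'root:x:0:root\nwheel:x:10:root,alice\nusers:x:100:\n' > "$dir/group"
    if su_restricted "$dir/su"; then
        echo "su is limited to wheel members:"
        wheel_members "$dir/group"
    else
        echo "su is NOT limited to wheel members"
    fi
    rm -rf "$dir"
}

demo
```

On a real host, call su_restricted /etc/pam.d/su and wheel_members /etc/group after making the change; the member list only covers users named in /etc/group.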