1. With regard to the relevant authority su involves two files, respectively, /etc/pam.d/su
and /etc/login.defs
two configuration files.
2. prohibit ordinary users su root, or configured as follows:
/Etc/pam.d/su file to remove the following line in the comments, you can save out ( with immediate effect ):
Results are as follows:
3. prohibit ordinary users su to root, but want to specify a normal user su to root
Add the following configuration items in /etc/login.defs file, hold-out ( with immediate effect ):
SU_WHEEL_ONLY yes
You will need to add su to the root user's username to the wheel group, our admin, for example:
[root@localhost ~]# usermod -G wheel admin
Results are as follows: