1. The su (Substitute User) command: switch user
Format: su [-] username (with "-", the environment variables are initialized for the target user; without "-", the environment variables do not change)
2. View the record of su operations
Security log file: /var/log/secure
Example: tac /var/log/secure | less
3. The sudo command: elevate privileges
(1) Purpose: run authorized commands as a different user (root by default)
(2) Usage:
sudo authorized-command
By default, the first time you run sudo you must enter the current user's login password; you do not need to enter the password again when running sudo within the next 5 minutes.
(3) Configuring sudo authorization
● Method 1: Authorize a single user for sudo
Run visudo or vi /etc/sudoers (the same effect) and add an entry.
Format: user host-name-list=command-list; a "!" in front of a command means "except" that command
● Method 2: Batch authorization
wheel group (add the users who need elevated privileges to the wheel group)
Aliases
Set the aliases according to the examples in the file and your actual needs. (Recommended: copy an example line, paste it, and modify it.)
After setting the aliases, add an entry in the format: user-alias host-alias=command-alias (alias names are all uppercase)
(4) View the record of sudo operations
● Method:
Step one: run visudo or vi /etc/sudoers and add "Defaults logfile = /var/log/sudo"
Step two: cat /var/log/sudo
(5) Query the operations you are authorized to run: sudo -l
Overview
Linux-PAM (Linux Pluggable Authentication Modules): an efficient, flexible and convenient user-level authentication mechanism, currently widely used for authentication on Linux servers. It provides a central authentication mechanism for services such as login, remote login (telnet, ftp, etc.), su and similar applications. (For the concept itself, Baidu Encyclopedia gives an authoritative explanation.)
The authentication request flow on a Linux system is generally as follows (self-made diagram):
Contents of the pam.d directory
Structure of a PAM configuration
The first column is the authentication type
auth: authentication management; receives information such as the user name and password and verifies that the password is correct
account: account management; checks whether the account is disabled, whether it is allowed to log in to the system, whether it has expired, and whether any restrictions apply
session: session management; handles management and accounting before the user logs in and after the user's session ends
password: password management; mainly used to change a user's password
The second column is the control type
required: if verification fails, processing still continues, but fail is returned
requisite: if verification fails, the entire verification process ends immediately and fail is returned
sufficient: if verification succeeds, it returns immediately without continuing; otherwise the result of this verification is ignored and processing continues
optional: not used for verification, only displays information (commonly used for the session type)
include: performs no authentication itself; passes to the PAM modules that follow for authentication
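
The control types above, as an added example (not from the original article and not libpam code): a simplified Python model of how one PAM stack combines module results. The function name, the sample stacks and the pass/fail outcomes are constructed; the model also covers one rule beyond the list above, that a sufficient success does not end the stack early once a required module has already failed.

```python
# Added illustration: simplified model of PAM control-flag evaluation.
# Not libpam code. evaluate_stack() and the sample outcomes are constructed.

def evaluate_stack(stack):
    """Evaluate (control, module, ok) entries top to bottom.

    Returns (granted, modules_run) so the caller can see where the stack stopped.
    """
    required_failed = False   # a required module has failed earlier in the stack
    positive = False          # at least one module has succeeded
    ran = []
    for control, module, ok in stack:
        ran.append(module)
        if control == "requisite":
            if not ok:
                return False, ran          # fail and stop immediately
            positive = True
        elif control == "required":
            if ok:
                positive = True
            else:
                required_failed = True     # remember the failure, keep going
        elif control == "sufficient":
            if ok and not required_failed:
                return True, ran           # succeed and stop immediately
            # a failed sufficient module is ignored
        elif control == "optional":
            positive = positive or ok      # a failure here is ignored
        else:
            raise ValueError(f"unsupported control type: {control}")
    return (positive and not required_failed), ran


# Constructed stack: the user is not root, is not in wheel, but knows the password.
WHEEL_REQUIRED = [
    ("sufficient", "pam_rootok.so", False),
    ("required", "pam_wheel.so", False),
    ("required", "pam_unix.so", True),
]
# Same stack with the wheel check changed to requisite.
WHEEL_REQUISITE = [(("requisite" if m == "pam_wheel.so" else c), m, ok)
                   for c, m, ok in WHEEL_REQUIRED]

if __name__ == "__main__":
    for name, stack in (("required", WHEEL_REQUIRED), ("requisite", WHEEL_REQUISITE)):
        granted, ran = evaluate_stack(stack)
        print(f"wheel check {name}: granted={granted}, modules run={ran}")
```

With required, pam_unix.so still runs after the wheel check fails, so the caller cannot tell which check denied access; with requisite the stack stops at pam_wheel.so.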