su - root輸入了正確的密碼但是一直報錯,密碼肯定是輸入對的。這主要是因為權限的問題導致的。
Linux里面有一個文件,/etc/pam.d/su文件。
[chaofan@master ~]$ cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
主要是看第5、6這兩行。如果把第6行注釋打開了,那么只有那些加入了wheel組的普通用戶才可以使用su - root來切換到root用戶,比如如下所示:
現在有兩個用戶,一個是chaofeng,一個是chaofan。這兩個用戶中,chaofeng是加入到了wheel組里面的,如下所示:
[root@master ~]# id chaofeng
uid=1000(chaofeng) gid=1000(chaofeng) groups=1000(chaofeng),10(wheel)
[root@master ~]# id chaofan
uid=1001(chaofan) gid=1001(chaofan) groups=1001(chaofan)
然后現在我處於chaofeng這個用戶登錄的終端里面,執行su - root
[root@master ~]# su - chaofeng
Last login: Thu Jul 2 11:40:15 CST 2020 on pts/1
[chaofeng@master ~]$ su - root
Password:
Last login: Thu Jul 2 11:40:21 CST 2020 on pts/1
Last failed login: Thu Jul 2 11:42:33 CST 2020 on pts/1
There were 3 failed login attempts since the last successful login.
[root@master ~]# # 看的出來我現在登錄成功了
接着現在我處於chaofan這個用戶登錄的終端里面,再次執行su - root嘗試
[root@master ~]# su - chaofan
Last login: Thu Jul 2 11:42:19 CST 2020 on pts/1
[chaofan@master ~]$ su - root
Password:
su: Permission denied
[chaofan@master ~]$
我可以保證輸入的root用戶的密碼是沒有錯誤的,但是一直報錯“su: Permission denied”。
所以從這里可以看出來/etc/pam.d/su我們去掉的這一行的作用所在了。