su - root输入了正确的密码但是一直报错,密码肯定是输入对的。这主要是因为权限的问题导致的。
Linux里面有一个文件,/etc/pam.d/su文件。
[chaofan@master ~]$ cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
主要是看第5、6这两行。如果把第6行注释打开了,那么只有那些加入了wheel组的普通用户才可以使用su - root来切换到root用户,比如如下所示:
现在有两个用户,一个是chaofeng,一个是chaofan。这两个用户中,chaofeng是加入到了wheel组里面的,如下所示:
[root@master ~]# id chaofeng
uid=1000(chaofeng) gid=1000(chaofeng) groups=1000(chaofeng),10(wheel)
[root@master ~]# id chaofan
uid=1001(chaofan) gid=1001(chaofan) groups=1001(chaofan)
然后现在我处于chaofeng这个用户登录的终端里面,执行su - root
[root@master ~]# su - chaofeng
Last login: Thu Jul 2 11:40:15 CST 2020 on pts/1
[chaofeng@master ~]$ su - root
Password:
Last login: Thu Jul 2 11:40:21 CST 2020 on pts/1
Last failed login: Thu Jul 2 11:42:33 CST 2020 on pts/1
There were 3 failed login attempts since the last successful login.
[root@master ~]# # 看的出来我现在登录成功了
接着现在我处于chaofan这个用户登录的终端里面,再次执行su - root尝试
[root@master ~]# su - chaofan
Last login: Thu Jul 2 11:42:19 CST 2020 on pts/1
[chaofan@master ~]$ su - root
Password:
su: Permission denied
[chaofan@master ~]$
我可以保证输入的root用户的密码是没有错误的,但是一直报错“su: Permission denied”。
所以从这里可以看出来/etc/pam.d/su我们去掉的这一行的作用所在了。