Allow user1 to 「su - user2」 with
2018-12-14
RoyTien
Current user: caleb
Target login user: olivia
Allow user caleb to switch to user olivia without a password:
su - olivia
-, -l, --login
    Provide an environment similar to what the user would expect had the user
    logged in directly.
    When - is used, it must be specified before any username. For portability
    it is recommended to use it as last option, before any username. The other
    forms (-l and --login) do not have this restriction.
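Add the following two lines right below the auth sufficient pam_rootok.so line in your /etc/pam.d/su. The first skips the second (default=1) unless the target user is olivia; the second, with use_uid, tests the invoking user, so only caleb is let through without a password: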
auth [success=ignore default=1] pam_succeed_if.so user = olivia
auth sufficient pam_succeed_if.so use_uid user = caleb
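To check who the two lines above actually let through, here is an added example (not part of the original post) that walks a simplified model of the auth stack for a given caller and target. The sample file contents, the closing pam_unix.so line, the user bob and the function names are assumptions made for illustration; NO_GUARD shows the failure mode where the first line is left out.

```python
import re

# Constructed sample of the auth lines in /etc/pam.d/su after the edit.
# The last line stands in for the distribution's normal password stack.
PAM_SU = """\
auth sufficient pam_rootok.so
auth [success=ignore default=1] pam_succeed_if.so user = olivia
auth sufficient pam_succeed_if.so use_uid user = caleb
auth required pam_unix.so
"""
# Failure mode: the same file with the "user = olivia" guard line left out.
NO_GUARD = "".join(l for l in PAM_SU.splitlines(True) if "user = olivia" not in l)

def parse(text):
    """Return [(control, module, args)] for each auth line."""
    pat = re.compile(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")
    return [(m.group(1), m.group(2), m.group(3).split())
            for m in map(pat.match, map(str.strip, text.splitlines())) if m]

def module_ok(module, args, caller, target):
    """Model only the modules used above; None means 'needs a password'."""
    if module == "pam_rootok.so":
        return caller == "root"
    if module == "pam_succeed_if.so":
        # use_uid tests the invoking account instead of the target user.
        subject = caller if "use_uid" in args else target
        field, op, value = [a for a in args if a != "use_uid"]
        return field == "user" and op == "=" and subject == value
    return None

def passwordless(text, caller, target):
    """True if auth succeeds before any password module is reached.
    Simplified: handles 'sufficient' and [success=... default=...] only."""
    rules, i = parse(text), 0
    while i < len(rules):
        control, module, args = rules[i]
        ok = module_ok(module, args, caller, target)
        if ok is None:
            return False
        if control == "sufficient" and ok:
            return True
        if control.startswith("["):
            actions = dict(kv.split("=") for kv in control[1:-1].split())
            # 'default' covers every result not listed explicitly.
            key = "success" if ok and "success" in actions else "default"
            action = actions.get(key, "ignore")
            if action.isdigit():
                i += int(action)  # a number N skips the next N modules
        i += 1
    return False
```

With PAM_SU only caleb to olivia (and root to anyone) passes without a password; with NO_GUARD caleb passes for every target, root included, which is why the first line must stay directly above the second.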