root 계정으로 로그인해 작업하는 것은 바람직하지 않음
$ su [-] [사용자명]
- 옵션에 주의
- 옵션 없이 su 명령을 사용하면, 원래 사용자의 환경을 그대로 가진채 root 권한을 갖게 됨.- 옵션과 함께 사용하면, root 계정으로 로그인한 상태가 됨 (즉, 디렉터리 위치도 /root로 이동하고, 환경변수도 초기화됨)/etc/pam.d/su#auth required pam_wheel.so use_uidusermod -G wheel username$ sudo tail /var/log/secure
Mar 17 23:52:31 jongpak.host su: pam_succeed_if(su-l:auth): requirement "uid >= 500" not met by user "root"
Mar 17 23:52:58 jongpak.host su: pam_unix(su-l:session): session opened for user root by irteamsu(uid=0)
Mar 17 23:53:27 jongpak.host su: pam_unix(su-l:session): session closed for user root
Mar 18 00:02:31 jongpak.host sshd[2633]: Did not receive identification string from 10.112.129.220 port 22320
Mar 18 00:12:31 jongpak.host sshd[3302]: Did not receive identification string from 10.112.129.220 port 46010
Mar 18 00:22:30 jongpak.host sshd[3801]: Did not receive identification string from 10.112.129.220 port 44452
Mar 18 00:25:12 jongpak.host su: pam_unix(su:auth): authentication failure; logname=irteamsu uid=11000 euid=0 tty=pts/0 ruser=irteamsu rhost= user=root
Mar 18 00:25:12 jongpak.host su: pam_succeed_if(su:auth): requirement "uid >= 500" not met by user "root"
Mar 18 00:27:43 jongpak.host su: pam_unix(su-l:auth): authentication failure; logname=irteamsu uid=11000 euid=0 tty=pts/0 ruser=irteamsu rhost= user=root
Mar 18 00:27:43 jongpak.host su: pam_succeed_if(su-l:auth): requirement "uid >= 500" not met by user "root"