1
2
3
4
5
6
# 设置连续输错三次密码,账号锁定五分钟, /etc/pam.d/common-auth添加
auth required pam_tally.so onerr=fail deny=3 unlock_time=300


# 只允许test组用户su到root,则etc/pam.d/su添加
auth required pam_wheel.so group=test