Restricting users who can su to root


Env: OpenSuSE 11.1

I want to restrict users who can su to root by using module.
So I edited /etc/pam.d/su to the following.

auth sufficient
auth required use_uid
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional

But a user who does not belong to the wheel group can still su to root…

Please help!

The simple answer is to change the root password and don’t tell any users - or only those whom you want to be able to use su.

But why would a user need to use su?