restricting user who can su to root

user · October 3, 2009, 5:13pm

Hello,

Env: OpenSuSE 11.1

I want to restrict users who can su to root by using pam_wheel.so module.
So, I edited /etc/pam.d/su to following.

#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so

But, a user who is not belong to wheel group still can su to root…

Please help!

john_hudson · October 3, 2009, 9:49pm

The simple answer is to change the root password and don’t tell any users - or only those whom you want to be able to use su.

But why would a user need to use su?