Differences between revisions 5 and 6
Revision 5 as of 2014-06-18 12:52:52
Size: 901
Editor: MarioBar
Comment: pam_wheel used to restrict the execution of su.
Revision 6 as of 2014-06-18 14:37:24
Size: 908
Editor: MarioBar
Comment:
Line 7: Line 7:
Setting up the '''pam_wheel''' module can be done simply by editing /etc/pam.d/su and (optionally) adding a wheel group. Set up the '''pam_wheel''' module to restrict the execution of su, editing /etc/pam.d/su and (optionally) adding a wheel group.
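Review bot: the added sentence on Line 7 joins "to restrict the execution of su" and "editing /etc/pam.d/su" with a bare comma, so it no longer says that editing the file is how the module is set up. "by editing /etc/pam.d/su" would keep the meaning the deleted wording had ("can be done simply by editing").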

Pam Wheel

Introduction

Set up the pam_wheel module to restrict the execution of su by editing /etc/pam.d/su and (optionally) adding a wheel group.

The root group will be checked if the wheel group does not exist, but it is recommended to leave that group to root alone.

Restrict the execution of su

With root privileges, uncomment the following line in /etc/pam.d/su by removing the leading '#':

#auth       required pam_wheel.so

That is the only change needed in the file; no user can execute su anymore. This is the most secure configuration.

Allow a user to execute su

After restricting the execution of su, create the wheel group as root:

# groupadd wheel

And then add user_name to that group (-a appends, so the user's other supplementary groups are kept; -G alone would replace them):

# usermod -a -G wheel user_name

From now on, user_name can execute su.
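
A read-only check of the two steps above, added here as an example and not part of the original wiki page: it reports whether the pam_wheel line is active and which group will be checked (wheel, or the GID 0 group as the fallback). The function names and the sample files are constructed for illustration; point the functions at /etc/pam.d/su and /etc/group to check a real system.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed.

# Print the control flag (e.g. "required") of the active pam_wheel auth line
# in PAM file $1. Prints nothing and returns 1 if the line is absent or
# still commented out.
pam_wheel_control() {
    awk '
        /^[[:space:]]*#/ { next }    # commented line: not in effect
        $1 == "auth" && $3 ~ /pam_wheel[.]so$/ { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Print "group:members" for the group pam_wheel will check, reading group
# file $1: wheel if it exists, otherwise the GID 0 group.
# The fourth field lists supplementary members only.
su_group() {
    awk -F: '
        $1 == "wheel" { wheel = $1 ":" $4 }
        $3 == "0"     { gid0  = $1 ":" $4 }
        END { if (wheel != "") print wheel; else if (gid0 != "") print gid0 }
    ' "$1"
}

# Constructed sample files standing in for /etc/pam.d/su and /etc/group,
# before and after the steps on this page.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'auth       sufficient pam_rootok.so' \
              '#auth       required pam_wheel.so' > "$demo_dir/su.before"
printf '%s\n' 'auth       sufficient pam_rootok.so' \
              'auth       required pam_wheel.so' > "$demo_dir/su.after"
printf '%s\n' 'root:x:0:' 'users:x:100:user_name' > "$demo_dir/group.before"
printf '%s\n' 'root:x:0:' 'wheel:x:1001:user_name' > "$demo_dir/group.after"

for f in su.before su.after; do
    ctl=$(pam_wheel_control "$demo_dir/$f" || echo none)
    echo "$f: pam_wheel control = $ctl"
done
echo "group checked before groupadd: $(su_group "$demo_dir/group.before")"
echo "group checked after usermod:   $(su_group "$demo_dir/group.after")"
```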