Objective: Restrict the use of su by limiting access to a certain group of users.
To allow only members of the wheel group to use the su command, add the following entry to the /etc/pam.d/su file.

    auth required pam_wheel.so group=wheel

Make sure that the above entry is placed below the rule that uses the pam_rootok PAM module.

    auth sufficient pam_rootok.so
    auth required pam_wheel.so group=wheel

pam_rootok is a PAM module that authenticates the user if the UID is 0 (root).
If the wheel group does not exist on the system, pam_wheel will use the group with group ID 0, which is usually the root group. On Ubuntu systems, the wheel group is not created by default. To add the wheel group to a system, use groupadd.

    # groupadd wheel

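To add a user to the wheel group, use the usermod command. The -a option appends the group to the user's existing supplementary groups; without it, -G replaces them.

    # usermod -aG wheel ibrahim
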
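To verify the result, the following added example (not part of the original page) checks a PAM su file for an active `auth required pam_wheel.so` rule placed below pam_rootok and confirms that the named group exists. The function name check_su_pam, its status strings and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# check_su_pam PAM_FILE GROUP_FILE   (hypothetical helper, not a standard tool)
# Prints: ok | missing | wrong-order | group-missing
check_su_pam() {
    pam_file=$1
    group_file=$2

    # Active (uncommented) auth rules, prefixed with their line numbers.
    auth_lines=$(grep -nE '^[[:space:]]*auth[[:space:]]' "$pam_file" || true)

    # The rule from the page: auth required pam_wheel.so ...
    wheel=$(printf '%s\n' "$auth_lines" |
        grep -E 'auth[[:space:]]+required[[:space:]]+pam_wheel\.so' | head -n 1)
    [ -n "$wheel" ] || { echo missing; return 1; }

    # It must sit below the pam_rootok rule, as the page requires.
    rootok=$(printf '%s\n' "$auth_lines" | grep -E 'pam_rootok\.so' | head -n 1)
    if [ -n "$rootok" ] && [ "${wheel%%:*}" -lt "${rootok%%:*}" ]; then
        echo wrong-order; return 1
    fi

    # Group named by group=...; pam_wheel checks "wheel" when it is omitted.
    group=$(printf '%s\n' "$wheel" |
        sed -n 's/.*[[:space:]]group=\([^[:space:]]*\).*/\1/p')
    group=${group:-wheel}
    # The named group has to exist for the restriction to mean what was intended.
    grep -q "^${group}:" "$group_file" || { echo group-missing; return 1; }

    echo ok
}

# Constructed sample files so the check can be tried without touching /etc.
demo=$(mktemp -d)
printf 'root:x:0:\nwheel:x:10:ibrahim\n' > "$demo/group"
printf 'auth sufficient pam_rootok.so\nauth required pam_wheel.so group=wheel\n' > "$demo/su.good"
printf 'auth required pam_wheel.so group=wheel\nauth sufficient pam_rootok.so\n' > "$demo/su.order"
for f in "$demo/su.good" "$demo/su.order"; do
    printf '%s: %s\n' "${f##*/}" "$(check_su_pam "$f" "$demo/group")"
done
rm -rf "$demo"
```

On a live system the same function can be pointed at /etc/pam.d/su and /etc/group.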
If possible, use sudo instead of su as it provides better control and security.

