22 Mar
2001
22 Mar
'01
18:01
Bob Vickers wrote:
A very similar discussion was held on this list in October and the conclusion was that 2 of the documented ways of doing this (/etc/suauth and PAM) did not work. Of course, things may have changed now. Have the people suggesting PAM actually tried it and confirmed that it does indeed restrict who can su to root?
I couldn't find the thread in the archives, but the PAM way definitely works on SuSE7, with caveats... ...you have to add the username to the wheel group in /etc/group, for some reason it's not enough to make the primary group wheel. And you can't su to a member of the wheel group, then su root either.
Of course, changing the permissions of the su program works fine.
Bob
William