Hi,

I am trying to set up my system to restrict su access to specific accounts to members of groups that correlate. For example, only members of root_members can su to root; only members of web_members can su to user web, etc.

The most popular way of doing this in Linux seems to be to set up /etc/pam.d/su with something like the following:

    auth sufficient /lib/security/pam_stack.so service=root-members
    auth sufficient /lib/security/pam_stack.so service=web-members
    auth required /lib/security/pam_deny.so

The /etc/pam.d/root-members and /etc/pam.d/web-members would then look like this:

    # root-members
    auth required /lib/security/pam_wheel.so use_uid group=root_members
    auth required /lib/security/pam_listfile.so item=user sense=allow onerr=fail file=/etc/membergroups/root

    # web-members
    auth required /lib/security/pam_wheel.so use_uid group=web_members
    auth required /lib/security/pam_listfile.so item=user sense=allow onerr=fail file=/etc/membergroups/web

And /etc/membergroups/web and /etc/membergroups/root contain just the username "web" and "root" respectively.

Thus, in order to use the su command you must be in a group that can su to a user, and you must be trying to su to the correct user associated with that group. If those conditions are met, then these are sufficient for authentication.

My question is this: SuSE Linux does not have the pam_stack.so module. Is there a "workalike" module I could use? Or in the absence of that, does anyone have any suggestions as to how I might accomplish the same thing in a different fashion?

Thanks,
Paul
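
Added example, not part of the original post: a simplified Python model of the policy described above, useful for checking which caller/target pairs the stack is meant to allow before porting it to another module set. The users alice, bob and carol and the target db are constructed; the model assumes pam_wheel with use_uid tests the calling user and pam_listfile with item=user tests the su target.

```python
# Simplified model of the su policy described in the post (not real PAM code).
# Constructed sample data: group memberships of the calling users.
GROUPS = {
    "root_members": {"alice"},
    "web_members": {"alice", "bob"},
}
# Contents of /etc/membergroups/<name>: one target user per file, as in the post.
LISTFILES = {
    "/etc/membergroups/root": {"root"},
    "/etc/membergroups/web": {"web"},
}
# Each sub-stack: (group checked by pam_wheel, file checked by pam_listfile).
SERVICES = {
    "root-members": ("root_members", "/etc/membergroups/root"),
    "web-members": ("web_members", "/etc/membergroups/web"),
}
# /etc/pam.d/su as posted: two sufficient sub-stacks, then pam_deny.
SU_STACK = [("sufficient", "root-members"),
            ("sufficient", "web-members"),
            ("required", "deny")]

def run_service(service, caller, target):
    """Both modules are 'required', so the sub-stack passes only if both pass."""
    group, listfile = SERVICES[service]
    wheel_ok = caller in GROUPS.get(group, set())        # assumed: checks the caller
    list_ok = target in LISTFILES.get(listfile, set())   # assumed: checks the target
    return wheel_ok and list_ok

def su_allowed(caller, target):
    """First sufficient success wins; a sufficient failure falls through."""
    for control, service in SU_STACK:
        if service == "deny":
            return False          # pam_deny: nothing above matched
        if control == "sufficient" and run_service(service, caller, target):
            return True
    return False

def decision_matrix(callers, targets):
    """Return {(caller, target): bool} for every pair, for review or diffing."""
    return {(c, t): su_allowed(c, t) for c in callers for t in targets}

if __name__ == "__main__":
    matrix = decision_matrix(["alice", "bob", "carol"], ["root", "web", "db"])
    for (c, t), ok in sorted(matrix.items()):
        print(f"{c:>6} -> {t:<5} {'allow' if ok else 'deny'}")
```

Membership in a group alone never grants access to a target outside that group's list file, and any target without its own sub-stack (db here) is always denied by the final pam_deny line.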