In this tutorial we will learn how to allow only members of the wheel group to use the su command. This means that only members of the wheel group can switch to another user by using su. In Red Hat based operating systems, wheel is a special administrative group.
To allow only members of the wheel group to use the su command, follow the steps given below.
In this method, we will edit the PAM file.
Step 1: Add users to the wheel group by using the usermod command. Select only those users you want to allow.
usermod -a -G wheel username
For example, we are adding the user sharad to the group called wheel.
[root@localhost ~]# usermod -a -G wheel sharad
[root@localhost ~]# id sharad
uid=500(sharad) gid=500(sharad) groups=500(sharad),10(wheel)
[root@localhost ~]#
Step 2: Edit the /etc/pam.d/su file. We suggest that you also take a backup of the /etc/pam.d/su file on your Desktop or some other path on the system.
Taking a backup of the /etc/pam.d/su file
cp -p /etc/pam.d/su /root/etc-pamd-su
Editing the /etc/pam.d/su file
Uncomment the line given below in /etc/pam.d/su
auth required pam_wheel.so use_uid
See the screenshot given below of /etc/pam.d/su after editing.
Reference: /etc/pam.d/su file edited on the CentOS 6.5 operating system.
In the section given below, the user called test is not able to use the su command. The reason is that user test is not a member of the wheel group.
[test@localhost ~]$ id test
uid=501(test) gid=501(test) groups=501(test)
[test@localhost ~]$
[test@localhost ~]$ su
Password:
su: incorrect password
[test@localhost ~]$
[test@localhost ~]$ su -l sharad
Password:
su: incorrect password
[test@localhost ~]$
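A check for the two steps above, as an added example that is not part of the original tutorial: it confirms that the pam_wheel line is active (uncommented) in a PAM su file and lists who is in wheel. The function names are hypothetical and the sample files in demo are constructed; only members listed in the group file are reported, so a user whose primary group is wheel is not shown.

```shell
#!/bin/sh
# Succeeds only if an active (uncommented) "auth required pam_wheel.so" line exists.
# "auth sufficient pam_wheel.so trust" is not accepted: it restricts nobody.
pam_wheel_required() {
    awk '/^[ \t]*#/ { next }
         $1 == "auth" && $2 == "required" && $3 ~ "(^|/)pam_wheel[.]so$" { found = 1 }
         END { exit !found }' "$1"
}

# Prints the members listed for wheel in a group(5) file, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" { n = split($4, m, ",")
             for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# Succeeds if user $2 is listed in wheel in group file $1.
in_wheel() { wheel_members "$1" | grep -qxF -- "$2"; }

# audit PAMFILE GROUPFILE: report who may use su; returns 1 if the restriction is off.
audit() {
    if pam_wheel_required "$1"; then
        echo "su is restricted to wheel members: $(wheel_members "$2" | tr '\n' ' ')"
    else
        echo "pam_wheel is not enforced in $1"
        return 1
    fi
}

# Constructed sample files (not copied from a real host): the restriction line is
# still commented out in su.before and active in su.after.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'auth sufficient pam_rootok.so' '#auth required pam_wheel.so use_uid' \
        'auth include system-auth' > "$d/su.before"
    sed 's/^#auth required pam_wheel/auth required pam_wheel/' "$d/su.before" > "$d/su.after"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:sharad' 'test:x:501:' > "$d/group"
    audit "$d/su.before" "$d/group" || true   # expected: not enforced
    audit "$d/su.after" "$d/group"            # expected: restricted, lists sharad
    rc=$?
    rm -rf "$d"
    return $rc
}

# With arguments (e.g. /etc/pam.d/su /etc/group) audit those files; with none, run the demo.
if [ "$#" -gt 0 ]; then audit "$@"; else demo; fi
```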