https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808570#M66342 Hi folks,<BR /><BR />Ive commented out the following line in /etc/pam.d/su<BR /><BR />auth required /lib/security/$ISA/pam_wheel.so use_uid<BR /><BR />As I understand it now only users in the wheel group should be able to su to root.<BR />That works, however users not in the wheel group cannot su to any other user. <BR /><BR />Im not particularly clued up on PAM so if someone could tell me where Im going wrong Id appreciate it.<BR /><BR />System info:<BR />RHEL 2.6.9-22.0.1.EL<BR />pam-0.77-66.13<BR /><BR />Many thanks,<BR />Nick . Tue, 20 Jun 2006 04:16:45 GMT Nick Lunt 2006-06-20T04:16:45Z https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808570#M66342 Hi folks,<BR /><BR />Ive commented out the following line in /etc/pam.d/su<BR /><BR />auth required /lib/security/$ISA/pam_wheel.so use_uid<BR /><BR />As I understand it now only users in the wheel group should be able to su to root.<BR />That works, however users not in the wheel group cannot su to any other user. <BR /><BR />Im not particularly clued up on PAM so if someone could tell me where Im going wrong Id appreciate it.<BR /><BR />System info:<BR />RHEL 2.6.9-22.0.1.EL<BR />pam-0.77-66.13<BR /><BR />Many thanks,<BR />Nick . Tue, 20 Jun 2006 04:16:45 GMT https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808570#M66342 Nick Lunt 2006-06-20T04:16:45Z https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808571#M66343 Hello Nick, try using:<BR /><BR />auth required /lib/security/$ISA/pam_wheel.so use_uid root_only<BR /><BR /> <BR />root_only: The check for wheel membership is done only if the uid of requested account is 0. <BR /> Tue, 20 Jun 2006 10:36:24 GMT https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808571#M66343 Ivan Ferreira 2006-06-20T10:36:24Z https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808572#M66344 Thanks Ivan,<BR /><BR />unfortunately that does not look like its a valid option :<BR /><BR />$ tail /var/log/messages<BR />Jun 21 09:01:07 fudge PAM-Wheel[6884]: pam_parse: unknown option; root_only<BR /><BR />I also tried changing root_only to only_root with the same error.<BR /><BR />Nick .<BR /> Wed, 21 Jun 2006 03:07:20 GMT https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808572#M66344 Nick Lunt 2006-06-21T03:07:20Z https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808573#M66345 I just tested on my system and it works as should be, and no invalid option displayed. So, it should be something with your pam version, I'm using pam-0.79-8.<BR /><BR /> Wed, 21 Jun 2006 09:31:19 GMT https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808573#M66345 Ivan Ferreira 2006-06-21T09:31:19Z https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808574#M66346 That must be what it is then.<BR /><BR />The latest update from redhat is pam-0.77-66.14 which ive just updated to, and that doesn't work properly either.<BR /><BR />Im reluctant to upgrade all our systems with a non redhat supplied version of pam.<BR /><BR />I guess were stuck without this functionality.<BR /><BR />Thanks for your help Ivan,<BR /><BR />Nick .<BR /> Wed, 21 Jun 2006 09:54:26 GMT https://community.hpe.com/t5/operating-system-linux/problem-with-pam-wheel/m-p/3808574#M66346 Nick Lunt 2006-06-21T09:54:26Z