HPE Community
Operating System - Linux
1753474 Members
4528 Online
108794 Solutions
New Discussion юеВ

Problem with pam_wheel

 
SOLVED
Go to solution
Nick Lunt
Frequent Advisor

тАО06-19-2006 09:16 PM

тАО06-19-2006 09:16 PM

Problem with pam_wheel

Hi folks,

Ive commented out the following line in /etc/pam.d/su

auth required /lib/security/$ISA/pam_wheel.so use_uid

As I understand it now only users in the wheel group should be able to su to root.
That works, however users not in the wheel group cannot su to any other user.

Im not particularly clued up on PAM so if someone could tell me where Im going wrong Id appreciate it.

System info:
RHEL 2.6.9-22.0.1.EL
pam-0.77-66.13

Many thanks,
Nick .
0 Kudos
Reply
4 REPLIES 4
Ivan Ferreira
Honored Contributor

тАО06-20-2006 03:36 AM

тАО06-20-2006 03:36 AM

Re: Problem with pam_wheel

Hello Nick, try using:

auth required /lib/security/$ISA/pam_wheel.so use_uid root_only


root_only: The check for wheel membership is done only if the uid of requested account is 0.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Nick Lunt
Frequent Advisor

тАО06-20-2006 08:07 PM

тАО06-20-2006 08:07 PM

Re: Problem with pam_wheel

Thanks Ivan,

unfortunately that does not look like its a valid option :

$ tail /var/log/messages
Jun 21 09:01:07 fudge PAM-Wheel[6884]: pam_parse: unknown option; root_only

I also tried changing root_only to only_root with the same error.

Nick .
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО06-21-2006 02:31 AM

тАО06-21-2006 02:31 AM

Solution

Re: Problem with pam_wheel

I just tested on my system and it works as should be, and no invalid option displayed. So, it should be something with your pam version, I'm using pam-0.79-8.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
Nick Lunt
Frequent Advisor

тАО06-21-2006 02:54 AM

тАО06-21-2006 02:54 AM

Re: Problem with pam_wheel

That must be what it is then.

The latest update from redhat is pam-0.77-66.14 which ive just updated to, and that doesn't work properly either.

Im reluctant to upgrade all our systems with a non redhat supplied version of pam.

I guess were stuck without this functionality.

Thanks for your help Ivan,

Nick .
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.