Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with pam_wheel

SOLVED
Go to solution
Nick Lunt
Frequent Advisor

Problem with pam_wheel

Hi folks,

Ive commented out the following line in /etc/pam.d/su

auth required /lib/security/$ISA/pam_wheel.so use_uid

As I understand it now only users in the wheel group should be able to su to root.
That works, however users not in the wheel group cannot su to any other user.

Im not particularly clued up on PAM so if someone could tell me where Im going wrong Id appreciate it.

System info:
RHEL 2.6.9-22.0.1.EL
pam-0.77-66.13

Many thanks,
Nick .
4 REPLIES
Ivan Ferreira
Honored Contributor

Re: Problem with pam_wheel

Hello Nick, try using:

auth required /lib/security/$ISA/pam_wheel.so use_uid root_only


root_only: The check for wheel membership is done only if the uid of requested account is 0.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Nick Lunt
Frequent Advisor

Re: Problem with pam_wheel

Thanks Ivan,

unfortunately that does not look like its a valid option :

$ tail /var/log/messages
Jun 21 09:01:07 fudge PAM-Wheel[6884]: pam_parse: unknown option; root_only

I also tried changing root_only to only_root with the same error.

Nick .
Ivan Ferreira
Honored Contributor
Solution

Re: Problem with pam_wheel

I just tested on my system and it works as should be, and no invalid option displayed. So, it should be something with your pam version, I'm using pam-0.79-8.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Nick Lunt
Frequent Advisor

Re: Problem with pam_wheel

That must be what it is then.

The latest update from redhat is pam-0.77-66.14 which ive just updated to, and that doesn't work properly either.

Im reluctant to upgrade all our systems with a non redhat supplied version of pam.

I guess were stuck without this functionality.

Thanks for your help Ivan,

Nick .