The default Linux behavior allows the user to gain root access by typing su and entering the root password to gain a root prompt. If you wish to disable this behavior, then open this file as root for editing.
jason@jason-Virtual-Machine:~$ vim /etc/pam.d/su |
Then un-comment this line.
auth required pam_wheel.so |
And then edit the line to look like this.
auth required pam_wheel.so use_uid |
This will require a user to login as root at a terminal to be able to use a root prompt. They will no longer be able to use su to switch to the root user. This is the default configuration in FreeBSD. And might be useful to anyone who wants to prevent users accessing root via the su command, or trying to switch to other users.
Now the su command will not work, a user will have to login as root at a VT to use the root account.
jason@jason-Virtual-Machine:~$ su root Password: su: Permission denied |
Uncommenting this line and adding a group name to it will block a certain group of users from using su.
auth required pam_wheel.so deny group=nosu |
1 thought on “How to disable the su to root in Linux using PAM.”