Posted: . At: 4:07 PM. This was 5 years ago. Post ID: 8342
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


How to disable the su to root in Linux using PAM.

by

The default Linux behavior allows the user to gain root access by typing su and entering the root password to gain a root prompt. If you wish to disable this behavior, then open this file as root for editing.

jason@jason-Virtual-Machine:~$ vim /etc/pam.d/su

Then un-comment this line.

auth required pam_wheel.so

And then edit the line to look like this.

auth required pam_wheel.so use_uid

This will require a user to login as root at a terminal to be able to use a root prompt. They will no longer be able to use su to switch to the root user. This is the default configuration in FreeBSD. And might be useful to anyone who wants to prevent users accessing root via the su command, or trying to switch to other users.

Now the su command will not work, a user will have to login as root at a VT to use the root account.

jason@jason-Virtual-Machine:~$ su root
Password:
su: Permission denied

Uncommenting this line and adding a group name to it will block a certain group of users from using su.

auth     required   pam_wheel.so deny group=nosu

1 thought on “How to disable the su to root in Linux using PAM.”

  1. Pingback: How do you disable su?

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.