pam_wheel question

Hi,

Under RH 6.2 (pam 0.72) I was able to set up su such that only users in
the wheel group were able to su to root, but anyone could su to other
unprivileged accounts.  Now on my 7.1 (pam 0.75) box, if I enable
pam_wheel in su, it prevents everyone from using su unless they are in
the wheel group instead of just allowing su to root by wheel group
members.  Here is my su config for the 7.1 box:

#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/pam_wheel.so trust use_uid debug
# Uncomment the following line to require a user to be in the "wheel" group.
auth       required     /lib/security/pam_wheel.so use_uid debug
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so


And here is the config from my 6.2 box where it works as I want it to:

#%PAM-1.0
# The next two lines require a user to be in group "wheel" in order to su to root.
auth       sufficient   /lib/security/pam_rootok.so debug
auth       required     /lib/security/pam_wheel.so group=wheel
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow use_authtok nullok
session    required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_xauth.so

My question is, how do I get the same functionality under 7.1?

TIA,

Matt
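
Added example (not part of the message above and not PAM source code): a simplified Python model of the su auth stack, showing why the posted 7.1 configuration rejects every non-wheel user and how limiting the wheel check to root targets gives the 6.2 behaviour described. It assumes the pam_wheel root_only option documented in current Linux-PAM; the post does not establish whether pam 0.75 supports it, and all function and variable names here are hypothetical.

```python
# Simplified model of an su "auth" stack (added example, not PAM source code).
SUCCESS, IGNORE, FAIL = "success", "ignore", "fail"

def pam_rootok(ctx, opts):
    return SUCCESS if ctx["caller_uid"] == 0 else FAIL

def pam_wheel(ctx, opts):
    # root_only (assumed available): enforce membership only for target uid 0.
    if "root_only" in opts and ctx["target_uid"] != 0:
        return IGNORE
    if ctx["caller_in_wheel"]:
        return SUCCESS if "trust" in opts else IGNORE
    return FAIL

def pam_password(ctx, opts):
    # Stand-in for pam_stack.so service=system-auth (password check only).
    return SUCCESS if ctx["password_ok"] else FAIL

MODULES = {"pam_rootok.so": pam_rootok, "pam_wheel.so": pam_wheel,
           "pam_stack.so": pam_password}

def parse_auth(config):
    """Return [(control, module, options)] for the auth lines of a PAM file."""
    stack = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1], set(fields[3:])))
    return stack

def su_allowed(config, **ctx):
    """Apply required/sufficient semantics; True means auth succeeds."""
    required_failed = any_success = False
    for control, module, opts in parse_auth(config):
        result = MODULES[module](ctx, opts)
        if control == "sufficient" and result == SUCCESS and not required_failed:
            return True
        if control == "required":
            required_failed |= result == FAIL
            any_success |= result == SUCCESS
    return any_success and not required_failed

# The 7.1 auth lines from the post, and a variant with root_only added.
SU_71 = """\
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so use_uid debug
auth required /lib/security/pam_stack.so service=system-auth
"""
SU_71_ROOT_ONLY = SU_71.replace("use_uid debug", "use_uid root_only debug")
```
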





