pam_wheel defaults to checking for "wheel" group membership, not "root" group... you can also specify a different group name, I believe the module argument is "group=" ...

-b

> -----Original Message-----
> From: James Bagley Jr [mailto:jabagley@cvs.agilent.com]
> Sent: Thursday, March 28, 2002 2:01 PM
> To: pam-list@redhat.com
> Subject: pam_wheel
>
> Hey all,
>
> I have users that need root access to their workstations. Reading the pam
> documentation for the pam_wheel module it sounds like I can allow them to
> 'su -' without entering a password. This is ideal because I don't want to
> give them that root password, I'd rather keep that to myself. Problem is,
> it doesn't work. I'm using Red Hat 7.2. Here are the contents of
> /etc/pam.d/su:
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel" group.
> auth sufficient /lib/security/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel" group.
> #auth required /lib/security/pam_wheel.so use_uid
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_xauth.so
>
> Here is output from the id command as a user:
>
> uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)
>
> When 'su -' is entered, I am prompted for a password. Did I
> misunderstand the pam documentation? What is wrong?
>
> thanks,
>
> --
> James Bagley | CDI Innovantage
> james_bagley@non.agilent.com | Technical Computing UNIX Admin Support
> DON'T PANIC | Agilent Technologies IT
> Phone: (541) 738-3340 | Corvallis, Oregon
> --
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
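
Added example, not part of the thread and not code from either poster: a small Python check that reads the `auth` lines of a PAM service file and a line of `id` output, and reports which group each active pam_wheel rule tests and whether the user is in it. It models only what the reply states (default group "wheel", overridable with `group=`); other pam_wheel options such as `use_uid` are not modeled, and `ID_WHEEL` with its gid 10 is a constructed sample.

```python
import re

DEFAULT_GROUP = "wheel"  # per the reply: pam_wheel checks "wheel" unless group= is set

def wheel_rules(pam_text):
    """Return (group, trust) for every active 'auth' pam_wheel line."""
    rules = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if len(fields) < 3 or fields[0] != "auth":
            continue
        idx = next((i for i, f in enumerate(fields) if "pam_wheel" in f), None)
        if idx is None:
            continue
        args = fields[idx + 1:]
        group = DEFAULT_GROUP
        for arg in args:
            if arg.startswith("group="):
                group = arg.split("=", 1)[1]
        rules.append((group, "trust" in args))
    return rules

def groups_from_id(id_output):
    """Extract group names from a line printed by id(1)."""
    match = re.search(r"groups=(\S+)", id_output)
    return set(re.findall(r"\d+\(([^)]+)\)", match.group(1))) if match else set()

def diagnose(pam_text, id_output):
    """For each pam_wheel rule, report whether it would skip the password prompt."""
    member_of = groups_from_id(id_output)
    return [
        {"group": g, "trust": t, "member": g in member_of,
         "passwordless": t and g in member_of}
        for g, t in wheel_rules(pam_text)
    ]

# auth lines of /etc/pam.d/su and the id output, as quoted in the message above.
PAM_SU = """\
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
auth sufficient /lib/security/pam_wheel.so trust use_uid
#auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
"""
ID_POSTED = "uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)"
# Constructed for comparison: the same user after being added to "wheel".
ID_WHEEL = "uid=976(jabagley) gid=100(users) groups=100(users),10(wheel)"

if __name__ == "__main__":
    for label, ident in (("posted", ID_POSTED), ("with wheel", ID_WHEEL)):
        print(label, diagnose(PAM_SU, ident))
```

With the posted `id` output the single rule reports `member: False`, which matches the password prompt described in the question.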