My requirements is when i do su -, only then group is checked.
Otherwise (i.e. su - user, where user is not part of group wheel), su - user should not be checked that rule and next module in stack is checked.
I know if it can be done using pam_group module.
On Sat, 29 Aug 2009 18:28:38 +0530 wrote
>On 29.08.2009 15:42, Amit Kumar wrote:
> Thank you Dan.
> Just one more question, If i specify this -
> su auth requisite pam_group.so no_warn group=wheel fail_safe root_only
> PAM documentation says that above will be skipped if target user is root.
> However i tried ,su - tester (tester is not root and not part of wheel
> group), It denies. That's fine.
> Then i do su -, That is also denied.
> Do you have any insight into this behavior?
'root_only' means that only root is able to use su. If you want root to be able
to use su without supplying the password, you should also specify 'su auth
sufficient pam_rootok.so' line in front of pam_group.so line.
Sincerely Your, Dan.
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list