After posting my question on the HP ITRC here http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1036430 it appears that pam-0.79-8 works by adding the root_only option to /etc/pam.d/su . But adding this option to the latest version of redhats pam rpm (currently pam-0.77-66.14) I get these errors in /var/log/messages: Jun 21 15:55:43 fudge PAM-Wheel[30822]: pam_parse: unknown option; root_only So I guess were screwed until redhat get their pam rpm's sorted. Cheers, Nick . > -----Original Message----- > From: ergatz [mailto:ergatz@xxxxxxxxxxx] > Sent: 19 June 2006 22:58 > To: General Red Hat Linux discussion list > Subject: Re: PAM and wheel issues > > > I came across the same problem TODAY. I thought I had done > something wrong > with the Linux load. > It is so good to hear someone else has the same problem. I > am eagerly > awaiting the solution. > > dorothy > > > ----- Original Message ----- > From: "Lunt, Nick" <Nick.Lunt@xxxxxxxxxxxxxx> > To: "Redhat (E-mail)" <redhat-list@xxxxxxxxxx> > Sent: Monday, June 19, 2006 6:12 AM > Subject: PAM and wheel issues > > > > Folks, > > > > I've set /etc/pam.d/su to only allow su to root when users > are in the > > wheel group, with this line > > > > "auth required /lib/security/$ISA/pam_wheel.so use_uid" > > > >>From README.pam_wheel > > > > "only permit root authentication to members of wheel group" > > > > However this is preventing users NOT in the wheel group > from switching > > user to anyone, not just to root. > > > > I've tried this on 2 boxes with different versions of PAM: > pam-0.77-65.1 > > and pam-0.77-66.13. > > > > Anyone come across this before or have an explanation for > this behaviour ? > > > > Cheers, > > Nick . > > > > > > > > > > > > > > Wesleyan Administration Services Ltd registered number 5188850 and > > Wesleyan Unit Trust Managers Ltd registered number 2114859 > ("WUTM Ltd") > > are wholly owned subsidiary companies of Wesleyan Assurance > Society, whose > > registered number is ZC145. WUTM Ltd is a member of IMA. > For ISA/PEP/Unit > > Trusts Administration Centre: PO Box 9033, Chelmsford, SM99 > 2WQ Telephone: > > 0870 601 6129 Wesleyan Assurance Society and WUTM Ltd are > authorised and > > regulated by the Financial Services Authority. Head Office, Colmore > > Circus, Birmingham B4 6AR. Telephone: 0121 200 3003 Fax > 0121 200 2971. > > Website: www.wesleyan.co.uk Telephone calls may be recorded > for monitoring > > and training purposes. > > > > CONFIDENTIALITY NOTICE > > > > This communication and the information it contains is > intended for the > > person or organisation to whom it is addressed. Its contents are > > confidential and may be protected in law. Unauthorised use, > copying or > > disclosure of any of it may be unlawful. If you are not the > intended > > recipient, please contact us immediately. > > > > The contents of any attachments in this e-mail may contain software > > viruses, which could damage your own computer system. While every > > reasonable precaution to minimise this risk has been taken, > we cannot > > accept liability for any damage that you sustain as a > result of software > > viruses. You should carry out your own virus checking > procedure before > > opening any attachment. > > > > > > -- > > redhat-list mailing list > > unsubscribe > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > Thames Policy > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
