pam_wheel

TLDR

Require wheel group for su

$ auth required pam_wheel.so

Require wheel for root

$ auth required pam_wheel.so root_only

Use specific group

$ auth required pam_wheel.so group=admin

Trust wheel members

$ auth sufficient pam_wheel.so trust

SYNOPSIS

pam_wheel.so [options]

DESCRIPTION

pam_wheel restricts su to wheel group. Controls root access.
The module requires group membership. Traditional Unix security.
pam_wheel limits su access.

PARAMETERS

root_only

Only apply for su to root.

group=NAME

Use alternate group.

trust

Trust group members (no password).

deny

Deny access to group members.

CAVEATS

Auth module. Wheel group required. BSD-style security.

HISTORY

pam_wheel provides wheel group restriction for su command access.