Linux Security: Control access to the su command
By default, all users on a Linux distribution can use the su (switch user) command to become another user during a login session. If no username is given, su defaults to becoming the super user. On other UNIX systems, by contrast, one must be a member of the wheel group in order to use the su command.
This tutorial will show you how to restrict the use of the su command on Linux so that only users in the wheel group have access to it.
The wheel group is a special user group on Unix-like systems used to restrict access to the su command. The term wheel comes from the archaic slang phrase “big wheel”, meaning an important and influential person.
Edit the /etc/pam.d/su config file:
sudo vi /etc/pam.d/su
Add the following line:
auth required /lib/security/pam_wheel.so use_uid
or
auth required pam_wheel.so use_uid
Save and close the file.
Now when a user who is not in the wheel group tries to use the su command, they will get a permission denied error, even if the password is typed correctly.
If you want to add a user to the wheel group without removing them from their other supplementary groups (which usermod -G alone would do), use the following command:
sudo usermod -aG wheel username
Use the id command to check whether the user is in the wheel group:
id username
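As an added audit example (not part of the original tutorial), the following POSIX shell script checks whether a su PAM file actually enforces the wheel restriction described above and whether a user is in the enforced group; the sample PAM files it writes are constructed for testing offline.

```shell
#!/bin/sh
# Added audit helper, not part of the original tutorial. Functions:
#  pam_wheel_group FILE  prints the group that pam_wheel.so enforces in a su
#                        PAM file (wheel by default, or the group= option) and
#                        exits 0; exits 1 when no active "auth required|requisite
#                        pam_wheel.so" line exists. Lines carrying the "deny"
#                        option invert the check, so they are not counted.
#  in_group USER GROUP   exits 0 when id(1) lists GROUP for USER.
#  write_samples DIR     writes two constructed su files for offline trials.

pam_wheel_group() {
    awk '
        /^[[:space:]]*#/ { next }   # commented-out lines are not active
        $1 == "auth" && ($2 == "required" || $2 == "requisite") && $3 ~ /(^|\/)pam_wheel\.so$/ {
            grp = "wheel"
            for (i = 4; i <= NF; i++) {
                if ($i == "deny") next
                if ($i ~ /^group=/) grp = substr($i, 7)
            }
            print grp
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

in_group() {
    for g in $(id -nG "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Constructed samples: su.before resembles a distribution default where the
# pam_wheel line is present but commented out (no restriction); su.after is
# the same file after the edit this tutorial describes.
write_samples() {
    printf '%s\n' '#%PAM-1.0' \
        'auth       sufficient pam_rootok.so' \
        '# auth     required   pam_wheel.so use_uid' \
        'auth       include    system-auth' > "$1/su.before"
    sed 's/^# auth /auth /' "$1/su.before" > "$1/su.after"
}

# Usage: d=$(mktemp -d); write_samples "$d"; pam_wheel_group "$d/su.after"
```

Run pam_wheel_group against the real /etc/pam.d/su to confirm the edit took effect, then in_group with the username you added.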