Strange behaviour of pam_wheel.so

I added the line
Code:

auth required pam_wheel.so use_uid

to /etc/pam.d/su on SLES 11 (2.6.32.27-0.2 x86_64) which works fine
*except * if you run
Code:

su -

Background: We need to restrict usage of su to certain users, which is
impossible if “su -” is not affected by above entry in /etc/pam.d/su.
Upgrading to a newer kernel is not possible at the moment because there
are issues with the current kernel and certain 10G NICs.

I tested the same configuration on a Fedora 15 (2.6.40.3-0 x86_64)
where it worked as expected.

Any hints or workarounds are appreciated.

Walter

–
Walter_S

Walter_S’s Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=443920

Hi Walter

For this purpose you should also modify the file /etc/pam.d/su-l. This
file handles all commands like “su -” or “su - nobody” etc.
Regards
Tom

–
amo_vzug

amo_vzug’s Profile: http://forums.novell.com/member.php?userid=25342
View this thread: http://forums.novell.com/showthread.php?t=443920

Ah, that did the trick.

Many thanks!

Walter

–
Walter_S

Walter_S’s Profile: http://forums.novell.com/member.php?userid=115997
View this thread: http://forums.novell.com/showthread.php?t=443920