I am currently using Debian 7 (Wheezy) and I am trying to disable the su
command only when the target user is root and not a privileged user.
For example, let's suppose the following users exist: root
, public
, privileged
.
root
would of course be able to su
, without restrictions.
public
should be able to su
to privileged
but not to root
.
privileged
should be able to su
to root (or any user).
So far I have only been able to disable su
to anyone but root
and privileged
, appending to /etc/pam.d/su
the following line:
auth required pam_wheel.so 1005
Assuming 1005 is privileged
uid.
However, this makes public
unable to use su
.
How could I make it?
Thank you!
Best Answer
You could do this with
sudo
in an easier way: