pam_wheel -- Only permit root access to members of group wheel

   --------------------------------------------------------------------------

DESCRIPTION

   The pam_wheel PAM module is used to enforce the so-called wheel group. By
   default it permits access to the target user if the applicant user is a
   member of the wheel group. If no group with this name exist, the module is
   using the group with the group-ID 0.

OPTIONS

   debug

           Print debug information.

   deny

           Reverse the sense of the auth operation: if the user is trying to
           get UID 0 access and is a member of the wheel group (or the group
           of the group option), deny access. Conversely, if the user is not
           in the group, return PAM_IGNORE (unless trust was also specified,
           in which case we return PAM_SUCCESS).

   group=name

           Instead of checking the wheel or GID 0 groups, use the name group
           to perform the authentication.

   root_only

           The check for wheel membership is done only when the target user
           UID is 0.

   trust

           The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE
           if the user is a member of the wheel group (thus with a little
           play stacking the modules the wheel members may be able to su to
           root without being prompted for a passwd).

   use_uid

           The check for wheel membership will be done against the current
           uid instead of the original one (useful when jumping with su from
           one account to another for example).

EXAMPLES

   The root account gains access by default (rootok), only wheel members can
   become root (wheel) but Unix authenticate non-root applicants.

 su      auth     sufficient     pam_rootok.so
 su      auth     required       pam_wheel.so
 su      auth     required       pam_unix.so


AUTHOR

   pam_wheel was written by Cristian Gafton <gafton@redhat.com>.