security-misc/usr/share/pam-configs/wheel-security-misc
Patrick Schleizer 6e0787957b
increase priority of pam wheel so it is checked even before faillock
in case of attemtping to use `su` without being a member of the required group `sudo`, it's useful to abort the PAM stack as early as possible to avoid needlessly propmting for a password to later
be rejected tu to lack of group membership
2025-01-06 05:29:40 -05:00

8 lines
264 B
Plaintext

Name: group sudo membership required to use su (by package security-misc)
Default: yes
Priority: 1050
Auth-Type: Primary
Auth:
[success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_only_if_su
requisite pam_wheel.so group=sudo debug