pam_wheel -- Only permit root access to members of group wheel
     __________________________________________________________________

DESCRIPTION

   The pam_wheel PAM module is used to enforce the so-called wheel group.
   By default it permits access to the target user if the applicant user
   is a member of the wheel group. If no group with this name exist, the
   module is using the group with the group-ID 0.

OPTIONS

   debug
          Print debug information.

   deny
          Reverse the sense of the auth operation: if the user is trying
          to get UID 0 access and is a member of the wheel group (or the
          group of the group option), deny access. Conversely, if the user
          is not in the group, return PAM_IGNORE (unless trust was also
          specified, in which case we return PAM_SUCCESS).

   group=name
          Instead of checking the wheel or GID 0 groups, use the name
          group to perform the authentication.

   root_only
          The check for wheel membership is done only when the target user
          UID is 0.

   trust
          The pam_wheel module will return PAM_SUCCESS instead of
          PAM_IGNORE if the user is a member of the wheel group (thus with
          a little play stacking the modules the wheel members may be able
          to su to root without being prompted for a passwd).

   use_uid
          The check will be done against the real uid of the calling
          process, instead of trying to obtain the user from the login
          session associated with the terminal in use.

EXAMPLES

   The root account gains access by default (rootok), only wheel members
   can become root (wheel) but Unix authenticate non-root applicants.
su      auth     sufficient     pam_rootok.so
su      auth     required       pam_wheel.so
su      auth     required       pam_unix.so

AUTHOR

   pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
