From 6e0787957b53a64132b64e2a29bafe3e4b66d178 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 6 Jan 2025 05:29:40 -0500 Subject: [PATCH] increase priority of pam wheel so it is checked even before faillock in case of attempting to use `su` without being a member of the required group `sudo`, it's useful to abort the PAM stack as early as possible to avoid needlessly prompting for a password to later be rejected due to lack of group membership --- usr/share/pam-configs/wheel-security-misc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/share/pam-configs/wheel-security-misc b/usr/share/pam-configs/wheel-security-misc index 10dcb88..eb8a9df 100644 --- a/usr/share/pam-configs/wheel-security-misc +++ b/usr/share/pam-configs/wheel-security-misc @@ -1,6 +1,6 @@ Name: group sudo membership required to use su (by package security-misc) Default: yes -Priority: 280 +Priority: 1050 Auth-Type: Primary Auth: [success=1 default=ignore] pam_exec.so seteuid quiet /usr/libexec/security-misc/pam_only_if_su
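Review bot: the new `Priority: 1050` is a bare number, and the ordering it is meant to guarantee (this profile ahead of faillock) is stated only in the commit message, without the faillock profile's priority that 1050 has to stay above. Please record that value alongside the change, in the commit message or the package documentation, so that a later priority change on either side does not silently restore the old order. It would also help to state whether it is intended that `su` attempts refused by the group check now end before faillock processes them. The unchanged `Auth:` line keeps `[success=1 default=ignore]`, which skips the module that follows it, so after regenerating the stack it is worth confirming with `su` as both a member and a non-member of group `sudo` that the jump still lands where expected.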