From 890298a3c882000a8351186521e9c1852dec298a Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon, 8 Jul 2019 23:15:56 +0000
Subject: [PATCH] Restrict su to users in the root group

---
 etc/pam.d/su.security-misc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/pam.d/su.security-misc b/etc/pam.d/su.security-misc
index d5c6903..6e3c5ea 100644
--- a/etc/pam.d/su.security-misc
+++ b/etc/pam.d/su.security-misc
@@ -12,7 +12,7 @@ auth       sufficient pam_rootok.so
 # denying "root" user, unless she's a member of "foo" or explicitly
 # permitted earlier by e.g. "sufficient pam_rootok.so").
 # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
-# auth       required   pam_wheel.so
+auth       required   pam_wheel.so
 
 # Uncomment this if you want wheel members to be able to
 # su without a password.