Purpose: to restrict non-wheel users from switching to root
method:vi/etc/pam.d/su file, add the following two lines
Auth sufficient/lib/security/pam_rootok.so
Auth required/lib/security/pam_wheel.so Group=wheel
Result: users who joined wheel cannot switch to root, prompting for incorrect password
FIX: Modify auth required/lib/security/pam_wheel.so group=wheel
For auth required/lib/security/$ISA/pam_wheel.so group=wheel
Analysis: The $ISA variable is a built-in variable for Pam that automatically identifies the platform architecture of the system. (Original: The $ISA token is a PAM builtin this automatically looks for modules of the correct architecture, such as 32- Bit or 64-bit).
System environment:
bash-4.3# uname-ipmo
x86_64 x86_64 x86_64 Gnu/linux
-M,--machine
Print the machine hardware name
-P,--processor
Print the processor type or "Unknown"
-I.,--hardware-platform
Print the hardware platform or "unknown"
-O,--operating-system
Print the operating system
The role of $isa variables in the PAM module of Suselinux