Debian Jessie – su, sudo and Wheel Group

Allow Users to su With the Wheel Group or sudo

Users in Jessie are not allowed to su by default and the Wheel group (whose members are allowed to su) is not created by default. Should this be a requirement, follow the steps here to set it up:

Restrict ‘su’ execution

Login as root and uncomment the line below in /etc/pam.d/su, by removing the leading ‘#’.

#auth       required pam_wheel.so

This means that no user can execute su anymore and is the most secure configuration.

Create the Wheel Group

Create the group wheel with root privileges:

# groupadd wheel

Add User to Wheel Group

# usermod -aG wheel <user>

<user> can now execute su.

Optionally (and Insecurely) Trust Users in Wheel

This will put users in the wheel group directly into root without prompting for a password. Edit the /etc/pam.d/su file again and uncomment the following line:

#auth       sufficient pam_wheel.so trust