# Begin /etc/pam.d/su

# always allow root
auth      sufficient  pam_rootok.so
auth      include     system-auth

# include the default account settings
account   include     system-account

# Set default environment variables for the service user
session   required    pam_env.so

# include system session defaults
session   include     system-session

# Security patch for CCE-15047-4, msid: 21
# Access to the root account via su should be restricted to the 'root' group
auth required pam_wheel.so use_uid

# End /etc/pam.d/su
