import-layers/yocto-poky/meta/recipes-extended/shadow/files/pam.d/su - openbmc/openbmc - Gitiles

 #
 # The PAM configuration file for the Shadow `su' service
 #

 # This allows root to su without passwords (normal operation)
 auth       sufficient pam_rootok.so

 # Uncomment this to force users to be a member of group root
 # before they can use `su'. You can also add "group=foo"
 # to the end of this line if you want to use a group other
 # than the default "root" (but this may have side effect of
 # denying "root" user, unless she's a member of "foo" or explicitly
 # permitted earlier by e.g. "sufficient pam_rootok.so").
 # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
 # auth       required   pam_wheel.so

 # Uncomment this if you want wheel members to be able to
 # su without a password.
 # auth       sufficient pam_wheel.so trust

 # Uncomment this if you want members of a specific group to not
 # be allowed to use su at all.
 # auth       required   pam_wheel.so deny group=nosu

 # Uncomment and edit /etc/security/time.conf if you need to set
 # time restrainst on su usage.
 # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
 # as well as /etc/porttime)
 # account    requisite  pam_time.so

 # This module parses environment configuration file(s)
 # and also allows you to use an extended config
 # file /etc/security/pam_env.conf.
 #
 # parsing /etc/environment needs "readenv=1"
 session       required   pam_env.so readenv=1

 # Defines the MAIL environment variable
 # However, userdel also needs MAIL_DIR and MAIL_FILE variables
 # in /etc/login.defs to make sure that removing a user
 # also removes the user's mail spool file.
 # See comments in /etc/login.defs
 #
 # "nopen" stands to avoid reporting new mail when su'ing to another user
 session    optional   pam_mail.so nopen

 # Sets up user limits, please uncomment and read /etc/security/limits.conf
 # to enable this functionality.
 # (Replaces the use of /etc/limits in old login)
 # session    required   pam_limits.so

 # The standard Unix authentication modules, used with
 # NIS (man nsswitch) as well as normal /etc/passwd and
 # /etc/shadow entries.
 auth       include      common-auth
 account    include      common-account
 session    include      common-session
	#
	# The PAM configuration file for the Shadow `su' service
	#

	# This allows root to su without passwords (normal operation)
	auth sufficient pam_rootok.so

	# Uncomment this to force users to be a member of group root
	# before they can use `su'. You can also add "group=foo"
	# to the end of this line if you want to use a group other
	# than the default "root" (but this may have side effect of
	# denying "root" user, unless she's a member of "foo" or explicitly
	# permitted earlier by e.g. "sufficient pam_rootok.so").
	# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
	# auth required pam_wheel.so

	# Uncomment this if you want wheel members to be able to
	# su without a password.
	# auth sufficient pam_wheel.so trust

	# Uncomment this if you want members of a specific group to not
	# be allowed to use su at all.
	# auth required pam_wheel.so deny group=nosu

	# Uncomment and edit /etc/security/time.conf if you need to set
	# time restrainst on su usage.
	# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
	# as well as /etc/porttime)
	# account requisite pam_time.so

	# This module parses environment configuration file(s)
	# and also allows you to use an extended config
	# file /etc/security/pam_env.conf.
	#
	# parsing /etc/environment needs "readenv=1"
	session required pam_env.so readenv=1

	# Defines the MAIL environment variable
	# However, userdel also needs MAIL_DIR and MAIL_FILE variables
	# in /etc/login.defs to make sure that removing a user
	# also removes the user's mail spool file.
	# See comments in /etc/login.defs
	#
	# "nopen" stands to avoid reporting new mail when su'ing to another user
	session optional pam_mail.so nopen

	# Sets up user limits, please uncomment and read /etc/security/limits.conf
	# to enable this functionality.
	# (Replaces the use of /etc/limits in old login)
	# session required pam_limits.so

	# The standard Unix authentication modules, used with
	# NIS (man nsswitch) as well as normal /etc/passwd and
	# /etc/shadow entries.
	auth include common-auth
	account include common-account
	session include common-session