일단 WHEEL그룹에 su를 허용 할 USER를 추가한다. GROUP파일을 추가해도 되고, usermod 명령으로 반드시 -a 옵션

[@localhost~]# usermod -a -G wheel username

[@localhost~]# usermod -a -G wheel sharad
[@localhost~]# id sharad uid=500(sharad) gid=500(sharad) groups=500(sharad),10(wheel)
[@localhost~]# 

일단 수정할 파일을 백업하고,

[@localhost~]# cp -p /etc/pam.d/su /etc/pam.d/su.save

4번라인 주석제거

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so