not logging

From: Thiago Conde Figueiro (
Date: 12/04/01

Date: Tue, 4 Dec 2001 11:56:17 -0200
From: Thiago Conde Figueiro <>

        Today I came across this issue on one of our RedHat 7.2 servers and I don't really know if this is the expected behavior. I enabled on /etc/pam.d/su as follows:

auth required /lib/security/ use_uid

        so that any user trying to su must be in the wheel group. If the user supplies the wrong password for root an entry is generated on syslog:

Dec 4 11:39:22 localhost su(pam_unix)[3339]: authentication failure; logname=user uid=502 euid=0 tty= ruser= rhost= user=root

        If the user knows the password for root but is not on the wheel group, he's denied authentication, as expected. However, no entry on the log is generated. It would be nice to know if a user who knows the password for root was denied authentication because he/she is not in the wheel group.

        Any thoughts?


Thiago Conde Figueiró

Disclaimer: all opinions on this message are my own and do not necessarily represent those of my employer.