Пользователь не состоит в группе wheel и получает доступ если знает пароль рута. Несмотря на это я считаю это неправильным.
$ su -l
Пароль:
su: Доступ запрещен
$ cat /etc/pam.d/su
#------------------------------------------------------------------------------
# Modified Calculate Utilities 3.6.8.15
# Processed template files:
# /var/db/repos/calculate/profiles/templates/3.6/2_ac_install_merge/sys-auth/pambase/su
# /var/db/repos/calculate/profiles/templates/3.6/3_ac_install_live/1-merge/sys-auth/pambase/su
# For modify this file, create /etc/pam.d/su.clt template.
#------------------------------------------------------------------------------
#%PAM-1.0
auth sufficient pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient pam_wheel.so use_uid trust
# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
# need for xautologin
-session optional pam_ck_connector.so nox11
$ gparted
и вуаля!
localuser:root being added to access control list
GParted 1.1.0
configuration --enable-online-resize
libparted 3.3
(gpartedbin:21619): Gtk-WARNING **: 10:11:57.707: Theme parsing error: gtk.css:459:91: '4a90d9' is not a valid color name
localuser:root being removed from access control list
Как сделать так чтобы в гуи был ограничен доступ к программам требующих рутовых прав?