addgroup --system wheelAdd users that should be able to su to this group.
usermod -a -G wheel user1Then add the following line to /etc/pam.d/su:
auth requisite pam_wheel.so group=wheelOther users will not be able to become root, they will get a denied message if they try to become root.
test1@deby:~$ su - su: Permission deniedIf you want wheel members to be able to su without a password add the following.
auth sufficient pam_wheel.so group=wheel trust use_uid