Securing access to ESX hosts using the wheel group
Log in to the ESX host as root.
Create the user account that will be used to log in.
useradd TestUser
passwd TestUser
<Enter the password twice>
Now add the user to the wheel group:
usermod -g wheel TestUser
The user is now a member of the wheel group.
Now we need to update the PAM config for su. There are two settings:
1. Allow only wheel group members to use su
2. Implicitly trust wheel group members so they don't need to enter the root password when using su
The config file is here: /etc/pam.d/su
The PAM config contains commented hints on what to do.
Using vi, edit the file and uncomment the two lines the hints refer to, which are:
auth sufficient pam_wheel.so trust use_uid
and
auth required pam_wheel.so use_uid
Exit VI saving changes with:
:wq!
To test that this has worked, log in as TestUser and then type su -
If you get a root shell without being asked for a password, it has worked.
To test that only wheel group members can use su, log in as a normal user and try su; it will not work.
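
The check below is an added example, not part of the original post: it reads a PAM su config and reports which of the two pam_wheel settings described above are actually active, ignoring lines that are still commented out. The function name check_su_wheel and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the two
# pam_wheel settings are active in a PAM su config.
# check_su_wheel is a hypothetical helper name.

check_su_wheel() {
    file="${1:-/etc/pam.d/su}"
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/#.*/, "") }   # strip comments, so commented-out hints do not count
        $1 == "auth" && $3 ~ /pam_wheel\.so$/ {
            opts = " "
            for (i = 4; i <= NF; i++) opts = opts $i " "
            # Setting 1: only wheel members may use su
            if ($2 == "required") restricted = 1
            # Setting 2: wheel members are trusted, no root password asked
            if ($2 == "sufficient" && index(opts, " trust ")) trusted = 1
        }
        END {
            if (restricted && trusted)  print "wheel-only, no password for wheel"
            else if (restricted)        print "wheel-only, root password required"
            else if (trusted)           print "no password for wheel, su still open to others"
            else                        print "su open to all users"
            exit (restricted ? 0 : 1)
        }
    ' "$file"
}

# Constructed sample: the state of the file after following the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth       sufficient   pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth       sufficient   pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth       required     pam_wheel.so use_uid
EOF
check_su_wheel "$sample"
rm -f "$sample"
```

The function returns 0 only when the required line is active. The third state means the change was half-applied: wheel members skip the password, but non-wheel users can still su with the root password.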