# phpman > man > pam_wheel(8)

[PAM_WHEEL(8)](https://www.chedong.com/phpMan.php/man/PAMWHEEL/8/markdown)                              Linux-PAM Manual                              [PAM_WHEEL(8)](https://www.chedong.com/phpMan.php/man/PAMWHEEL/8/markdown)



## NAME
       pam_wheel - Only permit root access to members of group wheel

## SYNOPSIS
       **pam**___**wheel.so** [debug] [deny] [group=_name_] [root_only] [trust]

## DESCRIPTION
       The pam_wheel PAM module is used to enforce the so-called _wheel_ group. By default it permits
       access to the target user if the applicant user is a member of the _wheel_ group. If no group
       with this name exist, the module is using the group with the group-ID **0**.

## OPTIONS
### debug
           Print debug information.

### deny
           Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is
           a member of the wheel group (or the group of the **group** option), deny access. Conversely,
           if the user is not in the group, return PAM_IGNORE (unless **trust** was also specified, in
           which case we return PAM_SUCCESS).

       **group=**_name_
           Instead of checking the wheel or GID 0 groups, use the _name_ group to perform the
           authentication.

       **root**___**only**
           The check for wheel membership is done only when the target user UID is 0.

### trust
           The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a
           member of the wheel group (thus with a little play stacking the modules the wheel members
           may be able to su to root without being prompted for a passwd).

## MODULE TYPES PROVIDED
       The **auth** and **account** module types are provided.

## RETURN VALUES
       PAM_AUTH_ERR
           Authentication failure.

       PAM_BUF_ERR
           Memory buffer error.

       PAM_IGNORE
           The return value should be ignored by PAM dispatch.

       PAM_PERM_DENY
           Permission denied.

       PAM_SERVICE_ERR
           Cannot determine the user name.

       PAM_SUCCESS
           Success.

       PAM_USER_UNKNOWN
           User not known.

## EXAMPLES
       The root account gains access by default (rootok), only wheel members can become root (wheel)
       but Unix authenticate non-root applicants.

           su      auth     sufficient     pam_rootok.so
           su      auth     required       pam_wheel.so
           su      auth     required       pam_unix.so



## SEE ALSO
       [**pam.conf**(5)](https://www.chedong.com/phpMan.php/man/pam.conf/5/markdown), [**pam.d**(5)](https://www.chedong.com/phpMan.php/man/pam.d/5/markdown), [**pam**(7)](https://www.chedong.com/phpMan.php/man/pam/7/markdown)

## AUTHOR
       pam_wheel was written by Cristian Gafton <<gafton@redhat.com>>.



Linux-PAM Manual                             06/08/2020                                 [PAM_WHEEL(8)](https://www.chedong.com/phpMan.php/man/PAMWHEEL/8/markdown)