# Access control lists or PAM

## Sib

I just installed Gentoo and am just waiting for my emerge kde to finish when I noticed something weird while trying to 'su -':

```

user@machine user $ su -

Password:

su: Permission denied

Sorry.

user@machine user $ ls -als `which su`

  24 -rwsr-xr-x    1 root     root        22988 Apr 17 17:49 /bin/su

user@machine user $ id

uid=1000(martijn) gid=100(users) groups=100(users)

```

Now, when I put myself in group 'wheel', I can safely su and i'll be accepted..

But the question remains.. Is this behaviour part of PAM or part of POSIX ACL (kernel option)?

Does anyone know?

TIA

Sib

p.s. On a same note, what if I would like to use setfacl and getfacl tools from http://acl.bestbits.at/ included in fileutils-patch.. How would one perform such an action with Gentoo? (Gentoo newbie <-)

----------

## ProGuy

It's your PAM configuration that requires you to be in the wheel group, to be

able to use SU.

The configuration is in /etc/pam.d, and /etc/pam.d/su controls SU authentications & friends.

I'm not quite sure about the ACL thingie. I know that Gentoo supports XFS (which has ACLs, but they are different from bestbits). AFAIK they are working on making their ACLs compatible, but for the time being I am not even sure that you can have both enabled (at least not in kernel space). However, I have to admit that I haven't tried it yet because of lack of time.

I hope this helps you a bit  :Smile: 

----------

