pam_localuser 8 Linux-PAM Manual pam_localuser require users to be listed in /etc/passwd pam_localuser.so debug file=/path/passwd pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users. This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out. debug Print debug information. file=/path/passwd Use a file other than /etc/passwd. All module types (account, auth, password and session) are provided. PAM_SUCCESS The new localuser was set successfully. PAM_SERVICE_ERR No username was given. PAM_PERM_DENIED The user is not listed in the passwd file. Add the following lines to /etc/pam.d/su to allow only local users or group wheel to use su. account sufficient pam_localuser.so account required pam_wheel.so /etc/passwd Local user account information. pam.conf5 , pam.d5 , pam8 pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.