For su, maybe using pam_wheel.so in /etc/pam.d/su is what you are looking for. sudo has its own conf file(s) (/etc/sudoers and all files in /etc/sudoers.d/) in addition to /etc/pam.d/sudo Consider the possibility that the users you don't trust and who know the root password already installed a backdoor on your box. Cheers Armin
Attachment:
signature.asc
Description: Digital signature