From 13ed7b537ae655c6d67965f1486aa2e3b181e574 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Tue, 17 Aug 2010 08:59:35 +0200 Subject: [PATCH 2/7] update man page for pam --- doc/coreutils.texi | 34 +++++----------------------------- 1 files changed, 5 insertions(+), 29 deletions(-) Index: doc/coreutils.texi =================================================================== --- doc/coreutils.texi.orig 2012-04-16 13:18:07.651694291 +0200 +++ doc/coreutils.texi 2012-04-16 13:18:14.825522204 +0200 @@ -15796,8 +15796,11 @@ to certain shells, etc.). @findex syslog @command{su} can optionally be compiled to use @code{syslog} to report failed, and optionally successful, @command{su} attempts. (If the system -supports @code{syslog}.) However, GNU @command{su} does not check if the -user is a member of the @code{wheel} group; see below. +supports @code{syslog}.) + +This version of @command{su} has support for using PAM for +authentication. You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l} +to customize its behaviour. The program accepts the following options. Also see @ref{Common options}. 
@@ -15878,33 +15881,6 @@ Exit status: the exit status of the subshell otherwise @end display -@cindex wheel group, not supported -@cindex group wheel, not supported -@cindex fascism -@subsection Why GNU @command{su} does not support the @samp{wheel} group - -(This section is by Richard Stallman.) - -@cindex Twenex -@cindex MIT AI lab -Sometimes a few of the users try to hold total power over all the -rest. For example, in 1984, a few users at the MIT AI lab decided to -seize power by changing the operator password on the Twenex system and -keeping it secret from everyone else. (I was able to thwart this coup -and give power back to the users by patching the kernel, but I -wouldn't know how to do that in Unix.) - -However, occasionally the rulers do tell someone. Under the usual -@command{su} mechanism, once someone learns the root password who -sympathizes with the ordinary users, he or she can tell the rest. The -``wheel group'' feature would make this impossible, and thus cement the -power of the rulers. - -I'm on the side of the masses, not that of the rulers. If you are -used to supporting the bosses and sysadmins in whatever they do, you -might find this idea strange at first. - - @node timeout invocation @section @command{timeout}: Run a command with a time limit
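Review bot: In the first hunk (@@ -15796), the added sentence "You can edit @file{/etc/pam.d/su} resp @file{/etc/pam.d/su-l} to customize its behaviour" uses "resp", which is not English usage and leaves the reader guessing which file governs which invocation. Please spell out when each PAM service file is consulted, since an administrator who hardens only one of the two may leave the other path with a weaker policy. Separately, the subject line says "update man page", but the only file touched is doc/coreutils.texi, the Texinfo manual; either adjust the subject or include the man page change in this patch.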
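Review bot: In the second hunk (@@ -15878), the removal drops both "@cindex wheel group, not supported" and "@cindex group wheel, not supported" along with the subsection, and the first hunk drops the sentence saying su "does not check if the user is a member of the @code{wheel} group", so after this patch the manual says nothing about the wheel group at all. Since the behaviour now depends on what is configured in the PAM files named in the first hunk, it would be better to keep an index entry for "wheel group" and add a sentence stating that group-based restriction of su is not built in and is decided by the PAM configuration. Otherwise a reader cannot tell from the manual whether membership is enforced on a given system.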