问题现象

使用su命令时输入密码后提示权限限制，确认密码是正确的

su root
Password:
su: permission denied

解决办法

改变用户分组，将用户添加进wheel分组

#语法
# usermod [-G] [GroupName] [UserName]
usermod -G wheel username 

修改/etc/pam.d/su

vim /etc/pam.d/su

原文件如下

#%PAM-1.0
auth		sufficient	pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth		sufficient	pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth		required	pam_wheel.so use_uid
auth		substack	system-auth
auth		include		postlogin
account		sufficient	pam_succeed_if.so uid = 0 use_uid quiet
account		include		system-auth
password	include		system-auth
session		include		system-auth
session		include		postlogin
session		optional	pam_xauth.so

修改如下图选中行，注释掉

原因分析

PAM（Pluggable Authentication Modules）负责系统中很多应用程序的登录认证，安全设置问题

附录

查看用户当前分组

#语法
# id username
id user1
#执行结果如下
uid=1008(user1) gid=1008(user1) groups=1008(user1),1012(mygroup)