[sisyphus] политика безопасности

[Serge]

Доброго дня всем.
Подскажите, как корректно настроить политику безопасности, чтоб 
локальному юзеру можно было выполнять su, sudo, etc...

конкретизирую проблему:
$ su -
-bash: /bin/su: Permission denied

$ ls -al /bin/su
-rws--x--- 1 root wheel 18960 Окт  4 18:33 /bin/su

$ id
uid=500(user1) gid=500(user1) 
группы=0(root),19(proc),22(cdrom),80(cdwriter),81(audio),83(radio),500(user1),504(wheel)

# cat su
#%PAM-1.0
auth     sufficient     pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" 
group.
#auth     sufficient    pam_wheel.so debug use_uid group=wheel trust
# Uncomment the following line to require a user to be in the "wheel" group.
#auth     required      pam_wheel.so debug use_uid group=wheel
# Uncomment the following line to implicitly trust users with same user id.
#auth     sufficient    pam_sameuid.so debug
auth     include        system-auth
account  include        system-auth
password required       pam_deny.so
session  include        system-auth
session  optional       pam_xauth.so