HOw to Protect su by limiting access only to admin group.
To limit the use of su by admin users only we need to create an admin group, then add users and limit the use of su to the admin group.
Add a admin group to the system and add your own admin username to the group by replacing <YOUR ADMIN USERNAME> below with your admin username.
Open a terminal window and enter:
sudo groupadd admin
sudo usermod -a -G admin <YOUR ADMIN USERNAME>
sudo dpkg-statoverride –update –add root admin 4750 /bin/su