The default Linux behavior allows the user to gain root access by typing su and entering the root password to gain a root prompt. If you wish to disable this behavior, then run this command:
vim.tiny /etc/pam.d/su then uncomment this line:
#auth required pam_wheel.so use_uid
This will require a user to login as root at a terminal to be able to use a root prompt. They will no longer be able to use su to login as root. This is the default configuration in FreeBSD. And might be useful to anyone who wants to prevent users accessing root via su.