How to restrict users switching from su command
Solution 1:
As you know, root user is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user).
The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to ports numbered below 1024. The etymology of the term may be that root is the only user account with permission to modify the root directory of a Unix system. This includes su
command to switch to another user.
For that reason, you can't restrict the use of the su
command to root user.
Now talking about user1 you can restrict the use of the su
command removing the user from the wheel group due to any user on that group heritage the root level privileges.
Have fun!