
Re: su without password using libpam



On Fri, Sep 17, 1999 at 06:29:02PM +0200, Andreas Kurth wrote:
> Hi,
> 
> one of the latest potato changes was setting up login and su to use
> pam-support. Configuration of login and su now has to be done
> by editing the /etc/pam.d/ files.
> 
> On my private machine I am used to letting trusted users (myself only)
> use su without having to type the root password. This was achieved
> by the following entry in /etc/suauth:
> 
>   root:ALL EXCEPT akurth:DENY
>   root:akurth:NOPASS
> 
> I wonder how I can have this done using the new /etc/pam.d/su
> configuration file. Any ideas?

Well one way would be to use sudo instead which is more robust anyway.
Or you can add this to your /etc/pam.d/su file after the rootok module:

#######
auth       sufficient pam_listfile.so onerr=fail sense=allow \
		file=/etc/security/su.allow item=user
#######

Then create the file /etc/security/su.allow (preferably mode 600) with a
list of each user you want to grant passwordless access to su (one on each
line). Note that this lets them su to any user, but since you are allowing
them to su to root anyway, that's not really a concern.

You can get more info on pam_listfile.so and all of the other pam modules
in the libpam-doc package.

Ben
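
An added example, not part of Ben's message: a small Python audit that finds `auth sufficient pam_listfile.so` rules in a PAM service file (joining backslash-continued lines as in the snippet above) and checks that the list file they point at is a root-owned regular file with mode 600. The sample configuration is constructed, and the function names and the `owner_uid` parameter are hypothetical.

```python
import os
import stat

# Constructed sample: the reply's rule placed after pam_rootok (not a real system file).
SAMPLE_SU_PAM = """\
auth       sufficient pam_rootok.so
auth       sufficient pam_listfile.so onerr=fail sense=allow \\
                file=/etc/security/su.allow item=user
auth       required   pam_unix.so
"""

def logical_lines(text):
    """Join backslash-continued lines; skip blanks and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full, buf = (buf + line).strip(), ""
        if full and not full.startswith("#"):
            yield full

def listfile_rules(text):
    """Option dicts for each 'auth sufficient pam_listfile.so' rule."""
    rules = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth" and fields[1] == "sufficient" \
                and os.path.basename(fields[2]) == "pam_listfile.so":
            rules.append(dict(f.split("=", 1) for f in fields[3:] if "=" in f))
    return rules

def audit_allow_file(path, owner_uid=0):
    """Findings for the list file a rule points at; empty list means OK."""
    st = os.lstat(path)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != owner_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    if st.st_mode & 0o077:
        findings.append("mode %03o allows group/other access, expected 600"
                        % (st.st_mode & 0o777))
    return findings

if __name__ == "__main__":
    for rule in listfile_rules(SAMPLE_SU_PAM):
        print("passwordless rule:", rule)
        if os.path.exists(rule.get("file", "")):
            print("  findings:", audit_allow_file(rule["file"]) or "none")
```

To audit a real system, pass the contents of /etc/pam.d/su to `listfile_rules` and run `audit_allow_file` on each rule's `file` value.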

