Re: su without password using libpam
On Sat, Sep 18, 1999 at 09:44:58AM +0200, Andreas Kurth wrote:
> Ben Collins wrote:
> > Ok correction on this. In the /etc/security/su.allow just put "root" (who they are
> > allowed to su to), and then add this line:
> >
> > #######
> > auth sufficient pam_listfile.so onerr=fail sense=allow \
> > file=/etc/security/su.allow item=user apply=you
> > #######
> >
> > This applies the rule for "you" to be able to su to "root" without a password.
>
> "apply=you" only makes sense in conjunction with the tty, rhost and
> shell items, as stated in the docs. The above way, any user gets
> passwordless root access, not only user "you".
>
> The only way to manage this is to set up a group wheel, use the
> "auth required pam_wheel.so" line, add user "you" to group
> wheel and do it the above way leaving out the "apply=you" option.
It shouldn't according to the docs (yes I read that particular caveat, but
the logic is still there for it to work). For passwordless access, you could
make the pam_wheel.so module "sufficient" which means that belonging to the
group "root" gives them access to su without a password.
Ben
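
Added example, not part of the thread and not Linux-PAM code: a small Python check that flags the `pam_listfile.so` line discussed above, where `apply=` is combined with an `item` type for which the pam_listfile documentation says it has no meaning. The sample stack is constructed; the `pam_rootok.so` and `pam_unix.so` lines around the quoted rule are assumptions.

```python
import re

# Constructed sample: the su stack fragment quoted in the thread,
# surrounded by assumed pam_rootok/pam_unix lines.
SAMPLE = r"""
# /etc/pam.d/su (constructed sample)
auth sufficient pam_rootok.so
auth sufficient pam_listfile.so onerr=fail sense=allow \
     file=/etc/security/su.allow item=user apply=you
auth required   pam_unix.so
"""

# pam_listfile docs: apply= has no meaning for these item types.
APPLY_IGNORED_FOR = {"user", "ruser", "group"}

# type, control (simple word or [bracketed] form), module, remaining args
RULE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def rules(text):
    """Yield (type, control, module, options) per logical line of a service file."""
    text = re.sub(r"\\\r?\n", " ", text)          # join continuation lines
    for line in text.splitlines():
        m = RULE.fullmatch(line.split("#", 1)[0].strip())   # drop comments
        if not m:
            continue
        mtype, control, module, rest = m.groups()
        opts = {}
        for arg in rest.split():
            key, _, val = arg.partition("=")
            opts[key] = val
        yield mtype.lstrip("-"), control, module.rsplit("/", 1)[-1], opts

def audit(text):
    """Return findings for pam_listfile rules whose apply= cannot take effect."""
    findings = []
    for mtype, control, module, opts in rules(text):
        if module != "pam_listfile.so" or "apply" not in opts:
            continue
        if opts.get("item") in APPLY_IGNORED_FOR:
            findings.append({
                "item": opts["item"], "apply": opts["apply"], "file": opts.get("file"),
                # auth + sufficient: a list match ends auth with no password prompt
                "skips_password": mtype == "auth" and control == "sufficient",
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For `su`, `item=user` is compared against the account being switched to, so a finding with `skips_password` set means the restriction the administrator expected from `apply=` is not limiting who gets through.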