Mailinglist Archive: opensuse-security (423 mails)

< Previous Next >
Re: [suse-security] su to root
  • From: William Preston <william.preston@xxxxxxxxxxxx>
  • Date: Wed, 21 Mar 2001 19:44:32 +0100
  • Message-id: <3AB8F690.43528686@xxxxxxxxxxxx>
Egan wrote:
>
> On Wed, 21 Mar 2001 18:47:53 +0100, William Preston
> <william.preston@xxxxxxxxxxxx> wrote:
>
> >> I don't want other users trying su to root and guessing the password.
> >> It would be nice if su had that extra level of protection the way it
> >> did on bsdi.
>
> >add the following to /etc/pam.d/su:
> >
> >auth required pam_wheel.so
>
> Here is my default /etc/pam.d/su:
>
> >#%PAM-1.0
> >auth sufficient /lib/security/pam_rootok.so
> >auth required /lib/security/pam_unix.so nullok #set_secrpc
> >account required /lib/security/pam_unix.so
> >password required /lib/security/pam_unix.so
> >#session required /lib/security/pam_homecheck.so
> >session required /lib/security/pam_unix.so debug # none or trace
>
> What does this first line do?
>
> >>auth sufficient /lib/security/pam_rootok.so
>
> And will that conflict with your suggestion?
>
> Egan


The first line means that root is allowed to su to any user without a
password
--which is normal for most systems.

Just add the pam_wheel line to the end of your file.

The PAM documents are very good- I think they're installed under
/usr/share/doc/packages/pam for SuSE7

William

< Previous Next >
Follow Ups