Egan wrote:
On Wed, 21 Mar 2001 18:47:53 +0100, William Preston <william.preston@100world.com> wrote:
I don't want other users trying su to root and guessing the password. It would be nice if su had that extra level of protection the way it did on bsdi.
add the following to /etc/pam.d/su:
auth required pam_wheel.so
Here is my default /etc/pam.d/su:
#%PAM-1.0 auth sufficient /lib/security/pam_rootok.so auth required /lib/security/pam_unix.so nullok #set_secrpc account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so #session required /lib/security/pam_homecheck.so session required /lib/security/pam_unix.so debug # none or trace
What does this first line do?
auth sufficient /lib/security/pam_rootok.so
And will that conflict with your suggestion?
Egan
The first line means that root is allowed to su to any user without a password --which is normal for most systems. Just add the pam_wheel line to the end of your file. The PAM documents are very good- I think they're installed under /usr/share/doc/packages/pam for SuSE7 William