Guys, For what it is worth, this was a wonderful convenience I stumbled across setting up a new server. You can edit /etc/pam.d/su and add the following: auth sufficient pam_wheel.so trust use_uid to allow members of the 'wheel' group to 'su' without giving a password. Now if you have configured 'sudo' so members of the wheel group can 'sudo' without a password, I don't think you are opening up any new holes, but absent a pam exploit or privilege escalation of users to the wheel group, I think the implications center on java/javascript apps downloaded that may run as you. You run the same risk with sudo, but the convenience of su without a password is very nice. I've finally settled on using it for setup before the box goes online and then closing the hole. I would welcome any other thoughts on the potential security implications of the feature. Seems that if pam is doing its job, then it doesn't pose any more risk than sudo. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org