On 04/03/2018 06:39 AM, Anton Aylward wrote:
On 02/04/18 11:13 PM, David C. Rankin wrote:
The last surprise was the missing convenience directives in /etc/pam.d/su that no longer provided an easy uncomment to allow users of 'wheel' to su without a password, e.g.
# Uncomment the following line to implicitly trust users in the "wheel" group. auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid
... the removal may be a security enhancement, but thankfully I have a ssh client on my phone that I could jump on an older install and get the details (heaven know I didn't recall the specifics) ironically, not only have the lines in /etc/pam.d/su been removed, but, so far as I can find, so has pam_wheel.so.
Ironically it's all still there # rpm -ql pam | grep wheel /lib64/security/pam_wheel.so /usr/share/man/man8/pam_wheel.8.gz
The good part is the functionality must now be part of pam, because I added the lines to /etc/pam.d/su (and after adding myself to wheel) PRESTO, I su without a password like always. I haven't had time to run-down where the functionality is hidden not, but I can confirm it is there. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org