Ben Collins wrote: > Ok correction on this. In the /etc/security/su.allow just put "root" (who > they are > allowed to su to). and the add this line: > > ####### > auth sufficient pam_listfile.so onerr=fail sense=allow \ > file=/etc/security/su.allow item=user apply=you > ####### > > This applies the rul for "you" to be able to su to "root" without a password.
"apply=you" only makes sense in conjunction with the tty, rhost and shell items, as stated in the docs. The above way, any user gets passwordless root access, not only user "you". The only way to manage this, is to set up a group wheel, use the "auth required pam_wheel.so" line, add user "you" to group wheel and do it the above way leaving out the "apply=you" option. -- Andreas Kurth Mannheim, Germany