On Sat, Sep 18, 1999 at 09:44:58AM +0200, Andreas Kurth wrote: > Ben Collins wrote: > > Ok correction on this. In the /etc/security/su.allow just put "root" (who > > they are > > allowed to su to). and the add this line: > > > > ####### > > auth sufficient pam_listfile.so onerr=fail sense=allow \ > > file=/etc/security/su.allow item=user apply=you > > ####### > > > > This applies the rul for "you" to be able to su to "root" without a > > password. > > "apply=you" only makes sense in conjunction with the tty, rhost and > shell items, as stated in the docs. The above way, any user gets > passwordless root access, not only user "you". > > The only way to manage this, is to set up a group wheel, use the > "auth required pam_wheel.so" line, add user "you" to group > wheel and do it the above way leaving out the "apply=you" option.
It shouldn't according to the docs (yes I read that particular caveat, but the logic is still there for it to work). For passwordless access, you could make the pam_wheel.so module "sufficient" which means that belonging to the group "root" gives them access to su without a password. Ben
