Hey all,
I have users that need root access to their workstations. Reading the pam
documentation for the pam_wheel module it sounds like I can allow them to
'su -' without entering a password. This is ideal because I don't want to
give them that root password, i'd rather keep that to myself. Problem is,
it doesn't work. I'm using red hat 7.2. Here is the contents of
/etc/pam.d/su:
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth sufficient /lib/security/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so
Here is output from the id command as a user:
uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)
when 'su -' is entered, i am prompted for a password. Did I
missunderstand the pam documentation? what is wrong?
thanks,
--
James Bagley | CDI Innovantage
james_bagley@xxxxxxxxxxxxxxx | Technical Computing UNIX Admin Support
DON'T PANIC | Agilent Technologies IT
Phone: (541) 738-3340 | Corvallis, Oregon
--
|
