Home / server / Questions / 372447
Accepted
cstamas
Asked: 2012-03-23 07:15:01 +0800 CST

How to grant su access to wheel without asking for password on FreeBSD?

  • 772

I would like to grant users of the wheel group (other sysadmins) su access without being asked for password.

I know how to do it with pam in linux, but the question now is for FreeBSD. I am not familiar with the syntax for FreeBSD's PAM subsystem. What shall I enter in /etc/pam.d/su instead of the default:

auth         sufficient   pam_rootok.so   no_warn
auth         sufficient   pam_self.so     no_warn
auth         requisite    pam_group.so    no_warn group=wheel root_only fail_safe ruser
auth         include      system

# account
account      include      system

# session
session      required     pam_permit.so
authentication freebsd su pam

2 Answers

  1. Best Answer

    I did some error and trial and the solution for me seems to be like this:

    # auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            sufficient      pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so

    This allows members of the wheel group to su without password, but disallows non-members. (I think the two line can be consolidated into one, but I did not bother that much.)

    • 5

  2. sudo is configured by sudoers file and visudo should be used to edit.

    visudo -f /usr/local/etc/sudoers

    Make sure you have this line uncommented:

    %wheel ALL=(ALL) NOPASSWD: ALL
    • 2