From 64ac587b8a800cb52624596ae2f609243c99ca34 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Fri, 18 Oct 2002 02:39:21 +0000 Subject: [PATCH] Exempt the "wheel group requirement" by default when su'ing to root if the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel. Reviewed by: markm Sponsored by: DARPA, Network Associates Laboratories --- etc/pam.d/su | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/pam.d/su b/etc/pam.d/su index 1d24474aa6f..8d686ff703e 100644 --- a/etc/pam.d/su +++ b/etc/pam.d/su @@ -7,7 +7,7 @@ # auth auth sufficient pam_rootok.so no_warn auth sufficient pam_self.so no_warn -auth requisite pam_wheel.so no_warn auth_as_self noroot_ok +auth requisite pam_wheel.so no_warn auth_as_self noroot_ok exempt_if_empty #auth sufficient pam_kerberosIV.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self auth sufficient pam_opie.so no_warn no_fake_prompts