Thanks! and... the su command

User Elisej a at zeos.net
Sun Mar 26 12:21:00 UTC 2006 

On Sun, Mar 26, 2006 at 01:07:15PM +0200, Freek Nossin wrote:
> > -----Original Message-----
> > From: Dan Nelson [mailto:dnelson at allantgroup.com]
> > Sent: zondag 26 maart 2006 8:54
> > To: Saul Mena Avila
> > Cc: freebsd-questions at freebsd.org
> > Subject: Re: Thanks! and... the su command
> > 
> > In the last episode (Mar 26), Saul Mena Avila said:
> > > Hi!. Thanks for helping me with the USB flash memory. I've also have
> > trouble
> > > with the su command... since I installed the FreeBSD 5.4, everytime I
> > try to
> > > login as root with su, the shell answers me with "Sorry"... and that's
> > all.
> > > Is it wrong configured or installed?
> > 
> > You need to be in the 'wheel' group to su to root.  It's not mentioned
> > in the su manpage, but is in both the FAQ and handbook.
> > 
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-
> > freebsd.html
> > 
> > --
> > 	Dan Nelson
> > 	dnelson at allantgroup.com
> 
> 
> Although it is described in the handbook, in my opinion an "error message",
> or more generally a "feedback message", should give more useful feedback to
> the user. Now the user must think of all the checks that can fail while - in
> this case - authenticating, which is rather silly when you think of it,
> because the su-command, just did exactly the same, and could have easily
> printed a message that would describe the check on which it returned the
> error.
> 
> - Freek Nossin
> 
> PS:
> cc to freebsd-?
> 
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 

There is a way to su root anyway.
Should you read su(1) and pam.conf(5), you see that your ability to su root depends on the
/etc/pam.d/su
For the first time, you can delete this file, and you will be able to su anybody always. But this is not a good way for security reasons.
Then read pam.conf(5) and edit the /etc/pam.d/su in a way allowing you to su root. But only you.

Elisej Babenko
mailto:a at zeos.net

More information about the freebsd-questions mailing list