-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
su to root possible without being in wheel
- Thread starter lubos
- Start date
- Status
Quoting the manpage of "su" :
PAM is used to set the policy su(1) will use. In particular, by default
only users in the ``wheel'' group can switch to UID 0 (``root''). This
group requirement may be changed by modifying the ``pam_group'' section
of /etc/pam.d/su. See pam_group(8) for details on how to modify this
setting.
so, pam seems reconfigured from stock freebsd.
i do not however see the difference ..
PAM is used to set the policy su(1) will use. In particular, by default
only users in the ``wheel'' group can switch to UID 0 (``root''). This
group requirement may be changed by modifying the ``pam_group'' section
of /etc/pam.d/su. See pam_group(8) for details on how to modify this
setting.
so, pam seems reconfigured from stock freebsd.
i do not however see the difference ..
lubos
Cadet
- Joined
- Jan 28, 2012
- Messages
- 2
There is a line "auth requisite pam_group.so no_warn group=wheel root_only fail_safe", which on FreeBSD ends with "ruser" (only difference). I tried to append this word on FreeNAS, but it's removed after reboot. Deleting "ruser" on FreeBSD, however, doesn't matter, PAM outputs "assuming ruser" and forbids su to root.
Well, I guess it's on purpose. CLI is also accessible without password, so FreeNAS needs to be running on a secure machine at any rate.
- Status
