OK, I thought that the "wheel" group and the "root" group were the same. It works now. Thanks.

--
James Bagley                 | CDI Innovantage
james_bagley@non.agilent.com | Technical Computing UNIX Admin Support
DON'T PANIC                  | Agilent Technologies IT
Phone: (541) 738-3340        | Corvallis, Oregon
--

On Thu, 28 Mar 2002, Swanson, Bryan wrote:

> pam_wheel defaults to checking for "wheel" group membership
> not "root" group...you can also specify a different group name, I
> believe the module argument is "group=" ...
>
> -b
>
> > -----Original Message-----
> > From: James Bagley Jr [mailto:jabagley@cvs.agilent.com]
> > Sent: Thursday, March 28, 2002 2:01 PM
> > To: pam-list@redhat.com
> > Subject: pam_wheel
> >
> > Hey all,
> >
> > I have users that need root access to their workstations. Reading the pam
> > documentation for the pam_wheel module it sounds like I can allow them to
> > 'su -' without entering a password. This is ideal because I don't want to
> > give them that root password, I'd rather keep that to myself. Problem is,
> > it doesn't work. I'm using Red Hat 7.2. Here are the contents of
> > /etc/pam.d/su:
> >
> > #%PAM-1.0
> > auth       sufficient   /lib/security/pam_rootok.so
> > # Uncomment the following line to implicitly trust users in the "wheel" group.
> > auth       sufficient   /lib/security/pam_wheel.so trust use_uid
> > # Uncomment the following line to require a user to be in the "wheel" group.
> > #auth       required     /lib/security/pam_wheel.so use_uid
> > auth       required     /lib/security/pam_stack.so service=system-auth
> > account    required     /lib/security/pam_stack.so service=system-auth
> > password   required     /lib/security/pam_stack.so service=system-auth
> > session    required     /lib/security/pam_stack.so service=system-auth
> > session    optional     /lib/security/pam_xauth.so
> >
> > Here is output from the id command as a user:
> >
> > uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)
> >
> > When 'su -' is entered, I am prompted for a password. Did I
> > misunderstand the pam documentation? What is wrong?
> >
> > thanks,
> >
> > --
> > James Bagley                 | CDI Innovantage
> > james_bagley@non.agilent.com | Technical Computing UNIX Admin Support
> > DON'T PANIC                  | Agilent Technologies IT
> > Phone: (541) 738-3340        | Corvallis, Oregon
> > --
> >
> > _______________________________________________
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list
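
The mismatch resolved in this thread, as an added example that is not part of the original messages: a small audit that reads the active pam_wheel lines from an su PAM file, works out which group each one checks, and compares that with a user's `id` output. It assumes the default group is "wheel" when no "group=" argument is present, as the reply states; the function names and the sample data are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the su file and `id` output quoted above.
SAMPLE_PAM_SU = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
auth       sufficient   /lib/security/pam_wheel.so trust use_uid
#auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_stack.so service=system-auth
"""
SAMPLE_ID = "uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)"

# type, control (keyword or [bracketed] form), module path, arguments
PAM_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def wheel_rules(pam_text):
    """Return one dict per active (uncommented) pam_wheel line."""
    rules = []
    for raw in pam_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PAM_LINE.match(line)
        if not m or not m.group(3).endswith("pam_wheel.so"):
            continue
        args = m.group(4).split()
        group = "wheel"  # assumed default when no group= argument is given
        for arg in args:
            if arg.startswith("group="):
                group = arg[len("group="):]
        rules.append({"control": m.group(2), "group": group, "trust": "trust" in args})
    return rules

def groups_from_id(id_output):
    """Extract group names from the groups= field of `id` output."""
    m = re.search(r"groups=(\S+)", id_output)
    return set(re.findall(r"\(([^)]*)\)", m.group(1))) if m else set()

def audit(pam_text, id_output):
    """For each pam_wheel rule: (group checked, trust set, user is a member)."""
    member_of = groups_from_id(id_output)
    return [(r["group"], r["trust"], r["group"] in member_of) for r in wheel_rules(pam_text)]

if __name__ == "__main__":
    for group, trust, member in audit(SAMPLE_PAM_SU, SAMPLE_ID):
        print(f"pam_wheel checks group={group!r} trust={trust} member={member}")
```

On the sample data the rule checks "wheel", which the user is not in, so the trust line never applies and su falls through to the password prompt.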