Guys,

        Working through the setup of my new server, I rad across a wonderful 
hidden
time-saver in /etc/pam.d/su. If you have configured sudo in the normal way by
providing sudo access to members of the 'wheel' group, you can avoid having to
type the root password to 'su' by uncommenting the following line in 
/etc/pam.d/su:

auth            sufficient      pam_wheel.so trust use_uid

        As the comment says, the entry causes pam to implicitly trust members 
of the
wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
time-saver.

        My only concern is how secure it is to allow pam to do this? I'd 
welcome any
thoughts by those that understand whether this causes a concern.

        Thanks and thanks to whoever put this little gem in /etc/pam.d/su


-- 
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com

Reply via email to