I wanted one user to be able to su to root without entering a password. I created an /etc/suauth file with the following line (where "foo" is the user):

    root:foo:NOPASS

Nothing doing. User foo still has to enter a password. I even put this into /etc/suauth:

    root:foo:DENY

Still no change. User "foo" still gets to su to root. This is not the behavior that is described in the man pages. Is this intentional?

Wes
Gentoo does not use the su from sh-utils but one from the shadow package. The latter is compiled to use PAM for authentication, and I am sure there is a PAM module that will let you do what you are wanting. However, the shadow ebuild should probably still be fixed so that the suauth man page is not installed, since apparently it is not used when PAM is used.
You can do it something like this:

---------------------------------------------------------------
#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so

# If you want to restrict users being allowed to su even more,
# create /etc/security/suauth.allow (or for that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth       required     /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     /lib/security/pam_wheel.so use_uid

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so
----------------------------------------------------

Hope this helps.
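
An added example, not part of the original post: a small Python check that lists which active `auth sufficient` lines in a su PAM stack let a user skip the password, and verifies the "only writable by root" condition the comments place on the list file. The function names and the sample stack (the post's file with the suauth.nopass line uncommented) are constructed for illustration.

```python
import os
import stat

# Constructed sample: the su stack from the post with the suauth.nopass line enabled.
SAMPLE_SU_STACK = """\
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
#auth sufficient /lib/security/pam_wheel.so use_uid trust
auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
"""

def passwordless_rules(pam_text):
    """Return active 'auth sufficient' rules that let a user skip the password."""
    found = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 3 or fields[0] != "auth" or fields[1] != "sufficient":
            continue
        module, args = os.path.basename(fields[2]), fields[3:]
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        if module == "pam_wheel.so" and "trust" in args:
            found.append({"module": module, "who": "wheel group", "file": None})
        elif module == "pam_listfile.so" and opts.get("sense") == "allow":
            found.append({"module": module, "who": "users in list", "file": opts.get("file")})
    return found

def listfile_problems(path, owner_uid=0):
    """Check that a list file is owned by owner_uid and writable only by its owner."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if st.st_uid != owner_uid:
        problems.append("wrong owner")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/world writable")
    return problems

if __name__ == "__main__":
    for rule in passwordless_rules(SAMPLE_SU_STACK):
        print(rule["module"], "->", rule["who"], rule["file"] or "")
        if rule["file"]:
            print("  problems:", listfile_problems(rule["file"]) or "none")
```

To audit a live system, pass the contents of /etc/pam.d/su to `passwordless_rules` instead of the sample.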