
When the user of a shell isn't root, running `su` on another user name will ask for the password of the other user.

When the user of a shell is root, running su on another user name doesn't ask for password of the other user. Is it correct?

I searched in the manpage of su, which only says su would ask for the password of the other user, and doesn't say that it doesn't ask if the current user is root. Am I missing something from the manpage?

Thanks.

Kusalananda
Tim
  • Thanks. Could you be specific what PAM configuration? Does that PAM configuration only apply to `su`? – Tim May 24 '18 at 02:45

1 Answer


If `/etc/pam.d/su` contains the following:

```
auth            sufficient      pam_rootok.so
```

then root is unilaterally allowed to use `su` without further authentication.

Ignacio Vazquez-Abrams
  • Thanks. Could you explain why that line means "allows root to su without passwords"? – Tim May 24 '18 at 02:57
  • The `pam.conf(5)` man page explains `auth` and `sufficient`, and the `pam_rootok(8)` man page explains `pam_rootok.so`. Put succinctly... well, my answer puts it succinctly. – Ignacio Vazquez-Abrams May 24 '18 at 02:59
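
An added example, not part of the original answer or comments: a small audit check that parses a `su` PAM file and reports whether the `auth sufficient pam_rootok.so` rule from the answer is active at the top of the auth stack. The function names, the sample file and the handling of the Debian-style `@include` directive are assumptions made for illustration.

```python
import re

# Constructed sample modelled on a Debian-style /etc/pam.d/su (not from the page).
SAMPLE_SU = """\
# /etc/pam.d/su (constructed sample)
auth       sufficient pam_rootok.so
# auth     required   pam_wheel.so
session    required   pam_env.so readenv=1
@include common-auth
"""

def parse_pam(text):
    """Return (type, control, module, args) per rule; comments and blanks are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        if line.startswith("@include"):       # Debian-style include (assumption)
            rules.append(("include", "", line.split()[1], []))
            continue
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)\s*(.*)", line)
        if m:
            rules.append((m.group(1).lstrip("-"), m.group(2),
                          m.group(3), m.group(4).split()))
    return rules

def root_skips_password(text):
    """True only when pam_rootok.so is 'sufficient' and is the first auth rule
    reached. Conservative: an earlier include or required/requisite auth rule,
    or a bracketed control on pam_rootok.so, yields False (needs manual review)."""
    for typ, control, module, _ in parse_pam(text):
        if typ == "include":
            return False          # contents of the included stack are unknown here
        if typ != "auth":
            continue
        if module.endswith("pam_rootok.so"):
            return control == "sufficient"
        if control in ("required", "requisite"):
            return False          # an earlier mandatory module gates the stack
    return False

if __name__ == "__main__":
    print("root can su without a password:", root_skips_password(SAMPLE_SU))
```

To audit a real host, pass the contents of `/etc/pam.d/su` to `root_skips_password` and review any `False` result by hand, since included stacks are not followed.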