Date:      Fri, 7 Oct 2005 11:56:48 -0400 (EDT)
From:      "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
To:        freebsd-questions@freebsd.org
Cc:        Rui Paulo <rpaulo@netbsd-pt.org>, Dag-Erling Smorgrav <des@FreeBSD.org>
Subject:   pam_rootok(8) + pam.d/sudo symlink to pam.d/su 
Message-ID:  <20051007114027.Y95280@arbitor.digitalfreaks.org>


Every reference(1) to configuring PAM and sudo(8) (in my case, for LDAP), 
suggests just symlinking [/usr/local/]etc/pam.d/sudo to /etc/pam.d/su

However, when I do that, all wheel-group users are automatically passing 
auth requirements due to:

auth            sufficient      pam_rootok.so           no_warn

...which I assume is happening because sudo(8) is running SUID root?

---s--x--x  2 root  wheel  105264 Aug 19 12:36 /usr/local/bin/sudo*

...the problem is, that confuses the visudo(8), sudoers(5) policy by
effectively adding:

%wheel        ALL=(ALL)       NOPASSWD: ALL

Is this correct? If so, the docs should probably be updated.

1.:
http://sudo.rtin.bz/sudo/install.html
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pam/pam-config.html
http://netbsd.org/guide/en/chap-pam.html
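
A check for the configuration this message describes, as an added example that is not part of the original e-mail or of the sudo or FreeBSD projects: it resolves a sudo PAM policy through any symlink and `include` rules and reports `auth` rules where pam_rootok carries a short-circuiting control flag. The function names, the same-directory lookup for included policies and the sample policy files are assumptions constructed for the illustration.

```python
import os
import tempfile

SHORT_CIRCUIT = {"sufficient", "binding"}  # OpenPAM flags that can end a chain on success

def parse_pam_line(line):
    """Split one pam.d line into (facility, control, module); None if blank/comment."""
    fields = line.split("#", 1)[0].split()
    return tuple(fields[:3]) if len(fields) >= 3 else None

def rootok_findings(service_file, seen=None):
    """Return (file, line number, text) for each auth rule where pam_rootok
    alone can satisfy the chain, following symlinks and 'include' rules."""
    seen = set() if seen is None else seen
    real = os.path.realpath(service_file)   # a sudo -> su symlink resolves here
    if real in seen or not os.path.isfile(real):
        return []
    seen.add(real)
    findings = []
    with open(real) as fh:
        for lineno, raw in enumerate(fh, 1):
            rule = parse_pam_line(raw)
            if rule is None or rule[0] != "auth":
                continue
            _, control, module = rule
            if control == "include":
                # Assumption: the included policy sits in the same directory.
                findings += rootok_findings(
                    os.path.join(os.path.dirname(real), module), seen)
            elif control in SHORT_CIRCUIT and \
                    os.path.basename(module).startswith("pam_rootok"):
                findings.append((real, lineno, raw.strip()))
    return findings

def build_demo(directory):
    """Write a constructed su policy and symlink sudo to it, as in the message."""
    with open(os.path.join(directory, "su"), "w") as fh:
        fh.write("# constructed sample, modelled on the line quoted above\n"
                 "auth\t\tsufficient\tpam_rootok.so\t\tno_warn\n"
                 "auth\t\tinclude\t\tsystem\n")
    with open(os.path.join(directory, "system"), "w") as fh:
        fh.write("auth\t\trequired\tpam_unix.so\t\tno_warn try_first_pass\n")
    os.symlink("su", os.path.join(directory, "sudo"))
    return os.path.join(directory, "sudo")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, lineno, text in rootok_findings(build_demo(tmp)):
            print(f"{path}:{lineno}: {text}")
```

Pointing `rootok_findings` at the real sudo policy path shows which file and line the rule actually comes from once the symlink is resolved.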

