From owner-freebsd-questions@FreeBSD.ORG  Sat May 13 15:52:56 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4280C16A42D
	for <freebsd-questions@freebsd.org>;
	Sat, 13 May 2006 15:52:56 +0000 (UTC)
	(envelope-from John.Dickinson@nominet.org.uk)
Received: from mx4.nominet.org.uk (mx4.nominet.org.uk [213.248.199.24])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3B50343D72
	for <freebsd-questions@freebsd.org>;
	Sat, 13 May 2006 15:52:51 +0000 (GMT)
	(envelope-from John.Dickinson@nominet.org.uk)
Received: from wds1.okna.nominet.org.uk (HELO notes1.nominet.org.uk)
	([213.248.197.128])
	by mx4.nominet.org.uk with ESMTP; 13 May 2006 16:52:50 +0100
X-IronPort-AV: i="4.05,125,1146438000"; d="scan'208"; a="3354742:sNHT31220240"
In-Reply-To: <44659C2C.6060703@yuckfou.org>
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID: <OF24647A36.2E62108A-ON8025716D.0055DA65-8025716D.00573C11@nominet.org.uk>
From: John.Dickinson@nominet.org.uk
Date: Sat, 13 May 2006 16:53:02 +0100
X-MIMETrack: Serialize by Router on notes1/Nominet(Release 6.5.3|September 14,
	2004) at 05/13/2006 04:53:02 PM,
	Serialize complete at 05/13/2006 04:53:02 PM
Content-Type: text/plain; charset="US-ASCII"
Subject: Re: Help: Unable to change to SU through SSH
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 May 2006 15:52:56 -0000

Nils Vogels wrote on 13/05/2006 09:43:24:

> Maan Jee wrote on 13-05-2006 10:31:
> > Hi
> >
> > I have created a user "admin" and using that to login through SSH from 
a
> > remote machine. But I CANNOT "su", change to the root login? How can I 
do
> > that?
> Add the user "admin" to the "wheel" group in /etc/groups.

I would recommend that you dont create an admin user. Create normal user 
accounts named after the user who will be logging in. Add users who will 
need to be able to do admin tasks to the wheel group. Then install sudo 
and configure it to allow users in the wheel group to run commands as 
root.

sudo has many advantages over using su. 
1. It logs every action so you can find out what you and other admin users 
did. This gives an audit trail and is very useful when you forget how you 
did something.
2. It puts a time limit on how long a user can run root tasks without 
re-entering their password. This prevents a user from forgetting they are 
root and leaving an unattended root console when they go to get a coffee.
3. You can, if necessary, control which commands a user can run as root.

Hope this helps
John