From owner-freebsd-questions  Fri Jun 27 08:16:22 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA26083
          for questions-outgoing; Fri, 27 Jun 1997 08:16:22 -0700 (PDT)
Received: from limbo.senate.org (nathan@senate.org [204.141.125.38])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA26076
          for <freebsd-questions@freebsd.org>; Fri, 27 Jun 1997 08:16:17 -0700 (PDT)
Received: (from nathan@localhost)
	by limbo.senate.org (8.8.5/8.8.5) id LAA04402;
	Fri, 27 Jun 1997 11:16:11 -0400 (EDT)
From: Nathan Dorfman <nathan@senate.org>
Message-Id: <199706271516.LAA04402@limbo.senate.org>
Subject: Re: su and not prompt for password? howto in 2.2.2
In-Reply-To: <m0whcIU-00010FC@mirage.skypoint.com> from Roger P Johnson at "Jun 27, 97 09:46:50 am"
To: hirsh@skypoint.com (Roger P Johnson), freebsd-questions@freebsd.org
Date: Fri, 27 Jun 1997 11:16:11 -0400 (EDT)
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

If all root logins are disabled, and only wheel can su to root (let's assume
that everyone in wheel would know the root password anyway) is it safe then to
operate without a root password?

> > 
> > On Thu, Jun 26, 1997 at 03:18:53PM -0500, Roger P Johnson wrote:
> > > 
> > > Ok. This should be easy.
> > > 
> > > In 2.1.5 I have myself a member of group wheel, thus when I do:
> > > $ su
> > > #
> > > 
> > > I get the root prompt without the passwd.
> > 
> > Ehr -- that shouldn't happen as far as I know. Sure you have a password,
> > and no 0 uid?
> 
> You are absolutely correct. I just checked both 2.1.5 machines and I don't have
> any root passwords on them, whereas I do have a password on 2.2.2. Changing
> or adding a password to the 2.1.5 machine and I have the same dilema.
> I get prompted for the password.
> 
> This leads me to my next question.
> 
> Q.  How does one then use the su command in shell scripts as in:
>       su root -c "chmod 540 foo.bar"
>     without prompting for the password??
>     I do not wish to leave the root accounts without a password (like I have
>     been doing!)
> 
>     What I am doing is setting file perms, ownership, and file clean out
>     for a point of sale application every morning so everything is set
>     for the next days biz.
> 
> Q.  I ought to check out sudo(8) instead I guess?
> 
> -Roger
> 
>