-3

When the user of a shell isn't root, running su on another user name will ask for password of the other user.

When the user of a shell is root, running su on another user name doesn't ask for password of the other user. Is it correct?

I searched in the manpage of su, which only says su would ask for the password of the other user, and doesn't say that it doesn't ask if the current user is root. Am I missing something from the manpage?

Thanks.

Kusalananda
  • 333,661
Tim
  • 101,790
  • Thanks. Could you be specific what PAM configuration? Does that PAM configuration only apply to su? – Tim May 24 '18 at 02:45

1 Answers1

2

If /etc/pam.d/su contains the following:

auth            sufficient      pam_rootok.so

then root is unilaterally allowed to use su without further authentication.

Ignacio Vazquez-Abrams
  • 45,725
  • Thanks. Could you explain why that line means "allows root to su without passwords"? – Tim May 24 '18 at 02:57
  • 3
    The pam.conf(5) man page explains auth and sufficient, and the pam_rootok(8) man page explains pam_rootok.so. Put succinctly... well, my answer puts it succinctly. – Ignacio Vazquez-Abrams May 24 '18 at 02:59