path: root/usr.bin/su/su.1
author markm <markm@FreeBSD.org> 2001-05-26 09:52:36 +0000
committer markm <markm@FreeBSD.org> 2001-05-26 09:52:36 +0000
commit bcb0f2f3e276545287d3e032ec684a144d5b941c (patch)
tree 1dba2dac4d19724fa19569a2d6f3fc54c5fe4b32 /usr.bin/su/su.1
parent 05d9777e736db7b42c83178491117ee572c81d77 (diff)
Deconvolute the authentication mess, and hand total responsibility
for authentication to PAM. This means that WHEELSU-type logic can now be effected in the pam.conf "su" configuration stack. While here, clean up the mess that the code had assumed over years of hacking by folks using different styles. ANSIfy. There is more policy in here that can be handed over to PAM. This will be revisited.
Diffstat (limited to 'usr.bin/su/su.1')
-rw-r--r-- usr.bin/su/su.1 44
1 files changed, 7 insertions, 37 deletions
diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1
index 00ff324..f6f0e5a 100644
--- a/usr.bin/su/su.1
+++ b/usr.bin/su/su.1
@@ -32,7 +32,6 @@
.\" @(#)su.1 8.2 (Berkeley) 4/18/94
.\" $FreeBSD$
.\"
-.\" this is for hilit19's braindeadness: "
.Dd April 18, 1994
.Dt SU 1
.Os
@@ -47,24 +46,12 @@
.Op Ar login Op Ar args
.Sh DESCRIPTION
.Nm Su
-requests the superuser password for
-.Ar login
-(or if Kerberos PAMs are used for
-.Dq Ar login Ns .root
-or
-.Dq Ar login Ns /root
-as appropriate),
-and switches to that user ID.
+requests appropriate user credentials via PAM
+and switches to that user ID
+(the default user is the superuser).
A shell is then executed.
-.Nm Su
-will resort to the local password file to find the password for
-.Ar login
-if there is a PAM error.
-If
-.Nm
-is executed by root, no password is requested and a shell
-with the appropriate user ID is executed;
-no additional PAM work is done.
+.Pp
+PAM is used to set all policy.
.Pp
By default, the environment is unmodified with the exception of
.Ev USER ,
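Review bot: The rewritten DESCRIPTION no longer says what happens when su is executed by root or when PAM returns an error; the removed lines documented both (no password requested for root, fallback to the local password file), and the replacement is only "PAM is used to set all policy". An administrator reading the new page cannot tell whether root is still exempt from a password prompt or how a PAM failure is handled. If these outcomes now depend on the "su" stack, add a sentence saying so after the new .Pp. Separately, the commit message states that there is more policy in su that can still be handed over to PAM, so "all policy" overstates the change; wording limited to authentication would match what the commit message claims.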
@@ -154,38 +141,21 @@ If the optional
are provided on the command line, they are passed to the login shell of
the target login.
.Pp
-Only users who are a member of group 0 (normally
-.Dq wheel )
-can
-.Nm
-to
-.Dq root .
-\ If group 0 is missing or empty, any user can
-.Nm
-to
-.Dq root .
-.Pp
By default (unless the prompt is reset by a startup file) the super-user
prompt is set to
.Dq Sy \&#
to remind one of its awesome power.
.Sh FILES
-.Bl -tag -width /etc/auth.conf -compact
-.It Pa /etc/auth.conf
-configure authentication services
+.Bl -tag -width /etc/pam.conf -compact
.It Pa /etc/pam.conf
-if
.Nm
-is configured with PAM support, it uses
+is configured with PAM support; it uses
.Pa /etc/pam.conf
entries with service name
.Dq su
.El
.Sh SEE ALSO
.Xr csh 1 ,
-.Xr kerberos 1 ,
-.Xr kinit 1 ,
-.Xr login 1 ,
.Xr sh 1 ,
.Xr group 5 ,
.Xr login.conf 5 ,
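Review bot: The paragraph removed after "the target login." was the only place this page stated who may su to root (members of group 0, or any user if group 0 is missing or empty), and nothing in the hunk replaces it. The commit message says this restriction can now be expressed in the pam.conf "su" stack, so the page should say that the restriction is configured there; otherwise a reader cannot tell from the manual whether any group check still applies. In FILES, "is configured with PAM support; it uses" still reads as though PAM were optional, which contradicts "PAM is used to set all policy"; a plain statement that su uses /etc/pam.conf entries with service name "su" would be clearer. In SEE ALSO, login(1) is dropped together with the Kerberos pages and no PAM reference is added, while group(5) remains even though the text that mentioned groups is gone.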