How to let users su without password

From Cosmin's Wiki

Jump to: navigation, search

Home > Linux how to's > How to let users su without password



Debian does not come by default with the wheel group enabled. Thus, you need to do a bit of work to accomplish this. First of all, you need to have root access on that machine. Once you have this, add a new group to your system:

groupadd wheel

Now add the user you would like to grant the su right without password to this group:

usermod -G wheel <username>
.

A last step is to make some configuration changes. Edit /etc/pam.d/su and modify the following lines:

# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
 auth       required   pam_wheel.so group=wheel
 
# Uncomment this if you want wheel members to be able to
# su without a password.
 auth       sufficient pam_wheel.so trust use_uid

Now, all members of the wheel group will be allowed to su without being asked for a password.