I know how to enable su without a password for all wheel group users by adding the appropriate configuration line in /etc/pam.d/su.
I do not want to enable this for all wheel users but only one particular user.
I am using FreeBSD 8.1. How do I do this?
UPDATE in response to comments below
This is a pfSense box. Underlying OS is FreeBSD 8.1 but as usual for pfSense a lot of functionality is missing, notably the entire ports collection. I wish to have one privileged user (in wheel group) able to invoke su - without having to type the root password. Enabling this for all wheel users using PAM is easy. I do not know the correct PAM configuration to allow bypassing the password for one particular user. I am constrained by company policy in how much alteration I can make. This is a running, mission-critical machine and I cannot take the risk of accidentally bringing it down. I have inherited administration of this machine but radical changes to its configuration are not practicable or permissible at this present time. I have PAM; I don't have sudo. I wish I did, but I don't.
Best Answer
Does FreeBSD have user private groups? If not, create a group and put only that user in it. Then in /etc/pam.d/su add something like
where foo is the group name.
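An added example, not part of the original answer: one form such a rule could take, assuming FreeBSD's pam_group module is present on the box and that /etc/pam.d/su still has the stock auth section shown here (both are assumptions; compare against the actual file). foo is the answer's placeholder group name.

```conf
# /etc/pam.d/su, auth section (added example; surrounding lines assumed to be the stock FreeBSD policy)
auth		sufficient	pam_rootok.so		no_warn
auth		sufficient	pam_self.so		no_warn
# Existing gate: only wheel members may su to root at all.
auth		requisite	pam_group.so		no_warn group=wheel root_only fail_safe
# Added rule: a member of "foo" is authenticated without a password prompt
# when the target account is root (root_only).
# fail_safe is deliberately omitted: with fail_safe, a missing or empty
# group "foo" would be treated as if every applicant were a member.
auth		sufficient	pam_group.so		no_warn group=foo root_only
# Everyone else falls through to the normal password check.
auth		include		system
```

Because the added rule sits after the requisite wheel check, it only takes effect for a user who is in both wheel and foo. Keep an existing root shell open while testing so the file can be reverted if the rule does not behave as expected.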