Description of problem: When user "root" uses the su command to change to another user, the system should prompt for user's password if the following line is commented out in the file /etc/pam.d/su : #auth sufficent /lib/security/pam_rootok.so Version-Release number of selected component (if applicable): pam-0.75-46.64 How reproducible: Steps to Reproduce: 1. Comment out "auth sufficent /lib/security/pam_rootok.so" in /etc/pam.d/su 2. su username Actual results: No password asked for Expected results: Password is asked for Additional info: This behavior works with RHEL 3.0 pam-0.75-54
This is feature of su in RHEL2.1. (PAM is almost identical in RHEL3 and RHEL2.1) I don't think it should/will be changed now. Reassigning to sh-utils maintainer for final decision.
No, we can't change that at this point.