# Non-wheel user able to su to root



## jkdrouter (Oct 26, 2022)

Hi,

FreeBSD 13.1-RELEASE.
For some reason a non-root, non-wheel user is able to su to root. What am I missing?
I tried reinstalling users.
For example:


```
$ id
uid=1004(dummy) gid=1004(dummy) groups=1004(dummy)
$ su -
Password:
#
```


----------



## SirDice (Oct 26, 2022)

jkdrouter said:


> I tried reinstalling users.


It has nothing to do with the accounts themselves.


```
# cat /etc/pam.d/su
#
# $FreeBSD: releng/12.3/lib/libpam/pam.d/su 219663 2011-03-15 10:13:35Z des $
#
# PAM configuration for the "su" service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so
```
Notice the `group=wheel` on pam_group(8)?


----------



## jkdrouter (Oct 26, 2022)

Hi,

When I said users were reinstalled, I meant that the database could be corrupted, so I figured I'd do them again.

That's it, this line was commented out:


```
#auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
```

Can't remember why, this is an old server that was upgraded from 10.X to 13.X.

Thanks.


----------
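A way to check for the condition found in this thread, as an added example that is not part of any post: `check_su_wheel` (a hypothetical function name) reports whether a PAM `su` policy file has an active `pam_group.so` rule with `group=wheel`. The two sample policies are constructed from the file quoted above; on a real system, pass `/etc/pam.d/su`.

```sh
#!/bin/sh
# Added example (not from the thread): report whether a PAM "su" policy still
# enforces wheel membership through an active pam_group.so rule.

# check_su_wheel FILE -> 0 enforced, 1 missing or commented out, 2 unreadable
check_su_wheel() {
    [ -r "$1" ] || return 2
    awk '
        $1 ~ /^#/ { next }    # a commented-out rule is not in effect
        # Only requisite/required make a pam_group failure deny the su attempt.
        $1 == "auth" && ($2 == "requisite" || $2 == "required") &&
        $3 == "pam_group.so" {
            for (i = 4; i <= NF; i++) if ($i == "group=wheel") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample policies mirroring the two states seen in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/su.good" <<'EOF'
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            include         system
EOF
# Same policy with the pam_group rule commented out, as on the upgraded server.
sed '/pam_group/s/^/#/' "$demo_dir/su.good" > "$demo_dir/su.bad"

for f in "$demo_dir/su.good" "$demo_dir/su.bad"; do
    if check_su_wheel "$f"; then
        echo "$f: wheel restriction active"
    else
        echo "$f: wheel restriction MISSING or commented out"
    fi
done
rm -rf "$demo_dir"
```

Running the same check after a major-version upgrade or a configuration merge catches a rule that was disabled on an older release and carried forward.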

