# How to force password requirement for su root from user in wheel



## objecttothis (Apr 14, 2020)

I noticed that when I type `su root` while logged into the CLI as a user in the wheel group, it doesn't require a password. I would like to change this to require a password to su to root. In all of my searching I can't seem to figure out how to do it, because that seems like it's supposed to be the default behavior, but I don't remember modifying this. I don't know if it's helpful, but here are the contents of `/etc/pam.d/su`:


```
#
# $FreeBSD: releng/11.2/etc/pam.d/su 219663 2011-03-15 10:13:35Z des $
#
# PAM configuration for the "su" service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so
```


----------



## PMc (Apr 14, 2020)

Indeed it is the default behaviour. No idea where you modified that - my `pam.d/su` looks identical to that. I suggest you compare the whole PAM stuff to the defaults from `/usr/src/etc/pam.d` (or https://svnweb.freebsd.org/base/).


----------
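The comparison suggested in the reply above, sketched as an added example that is not part of the original thread: it checks every service file in the live PAM directory against the reference copy and ignores comments and whitespace so only effective rule changes are reported. The function names `normalize` and `pam_drift` are made up for this sketch, the default paths are the two named in the thread, and skipping a `Makefile` in the reference directory is an assumption about the source tree layout.

```shell
#!/bin/sh
# Added example: report drift between live PAM service files and a reference copy.

# Strip comments, blank lines and column layout so only effective rules remain.
normalize() {
    sed -e 's/#.*$//' "$1" | awk 'NF { $1 = $1; print }'
}

# pam_drift [LIVE_DIR] [REF_DIR]
# Prints one line per finding; returns 1 if anything differs, 0 otherwise.
pam_drift() {
    live=${1:-/etc/pam.d}
    ref=${2:-/usr/src/etc/pam.d}
    rc=0
    # Files present on the system: either unknown to the reference or changed.
    for f in "$live"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$ref/$name" ]; then
            echo "EXTRA   $name"
            rc=1
        elif [ "$(normalize "$f")" != "$(normalize "$ref/$name")" ]; then
            echo "CHANGED $name"
            rc=1
        fi
    done
    # Files the reference ships that are absent from the live directory.
    for f in "$ref"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in Makefile*) continue ;; esac   # build file, not a PAM service (assumption)
        [ -f "$live/$name" ] || { echo "MISSING $name"; rc=1; }
    done
    return $rc
}
```

Calling `pam_drift` with no arguments uses the two default paths; any `CHANGED` file, including ones pulled in by `include` lines such as `system`, can then be inspected with `diff` against its reference copy.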

