Non-wheel user able to su to root

Hi,

FreeBSD 13.1-RELEASE.
For some reason non-root, non-wheel user is able to su to root. What am I missing?
I tried reinstalling users.
For example:

Code:
$ id
uid=1004(dummy) gid=1004(dummy) groups=1004(dummy)
$ su -
Password:
#
 
I tried reinstalling users.
It has nothing to do with the accounts themselves.

Code:
# cat /etc/pam.d/su
#
# $FreeBSD: releng/12.3/lib/libpam/pam.d/su 219663 2011-03-15 10:13:35Z des $
#
# PAM configuration for the "su" service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so
Notice the group=wheel on pam_group(8)?
 
Hi,

When I said users were reinstalled, I meant that database could be corrupted so I figured I'd do them again.

That's it, this line was commented out:

Code:
#auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe ruser

Can't remember why, this is an old server that was upgraded from 10.X to 13.X.

Thanks.
 
Back
Top