su command works without prompting password

Question

I'm on a RHEL server where the su command drops the user into root without prompting for a password. Obviously, this is a pretty big cause for concern which I'd like to fix. I'm not in contact with the previous admin, and he didn't leave any notes on what he did to make this happen.

The user account in question is a member of the sudoers group, and I noticed that the config contains the line Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin, but I'm not sure if this is related.

How should I troubleshoot this issue?

That was the first thing i checked; the only reference to it was a comment. — devnill, May 21 '13 at 17:54
@LaurentiuRoescu this is `su` not `sudo`. Anyway, check the `/etc/pam.d/su` file. — Michael Hampton, May 21 '13 at 17:55

score 3 · Accepted Answer · answered May 21 '13 at 18:20

3

Check if user root has password set. Try login as a root without pass or check /etc/shadow file.

answered May 21 '13 at 18:20

jamzed

1,070
7
8

score 3 · Answer 2 · answered May 21 '13 at 18:20

3

The most likely cause is the root user having no password. Give root a password

passwd root

answered May 21 '13 at 18:20

Allan Jude

1,286
9
13

su command works without prompting password

2 Answers2