From jilles@stack.nl  Wed Aug 18 14:12:11 2004
Return-Path: <jilles@stack.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C890F16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Aug 2004 14:12:11 +0000 (GMT)
Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2FE6943D41
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Aug 2004 14:12:09 +0000 (GMT)
	(envelope-from jilles@stack.nl)
Received: from turtle.stack.nl (turtle.stack.nl [IPv6:2001:610:1108:5010::132])
	by mailhost.stack.nl (Postfix) with ESMTP id 3A80A1F1D7
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 18 Aug 2004 16:12:08 +0200 (CEST)
Received: by turtle.stack.nl (Postfix, from userid 1677)
	id 1A48C1CCA3; Wed, 18 Aug 2004 16:12:08 +0200 (CEST)
Message-Id: <20040818141208.1A48C1CCA3@turtle.stack.nl>
Date: Wed, 18 Aug 2004 16:12:08 +0200 (CEST)
From: Jilles Tjoelker <jilles@stack.nl>
Reply-To: Jilles Tjoelker <jilles@stack.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: incompleteness and error in su(1) man page
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         70616
>Category:       docs
>Synopsis:       [patch] incompleteness and error in su(1) man page
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    brd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 18 14:20:19 GMT 2004
>Closed-Date:    Tue Jan 31 20:35:31 GMT 2006
>Last-Modified:  Tue Jan 31 20:35:31 GMT 2006
>Originator:     Jilles Tjoelker
>Release:        FreeBSD 5.2.1-RELEASE-p8 i386
>Organization:
MCGV Stack
>Environment:
System: FreeBSD turtle.stack.nl 5.2.1-RELEASE-p8 FreeBSD 5.2.1-RELEASE-p8 #28: Wed May 26 18:25:55 CEST 2004 marcolz@turtle.stack.nl:/usr/obj/usr/src/sys/TURTLE i386
Also in 5-CURRENT
>Description:
1. The su man page doesn't mention that by default users must be in group
   wheel to su to root. While it is mentioned in other documentation, it
   should be in the man page as well. The 4.x man page mentioned it.
   (This confuses new users.)
2. The su man page says the PAM configuration for su is in /etc/pam.conf, but
   it is in /etc/pam.d/su now.
>How-To-Repeat:
man su
>Fix:
Patch included
--- su.1.diff begins here ---
--- su.1.orig	Wed Aug 18 15:58:47 2004
+++ su.1	Wed Aug 18 16:05:16 2004
@@ -52,7 +52,10 @@
 (the default user is the superuser).
 A shell is then executed.
 .Pp
-PAM is used to set all policy.
+PAM is used to set all policy. In particular, by default only users in group
+``wheel'' may use
+.Nm
+to switch to UID 0 (``root'').
 .Pp
 By default, the environment is unmodified with the exception of
 .Ev USER ,
@@ -159,13 +162,10 @@
 .Dq Sy \&#
 to remind one of its awesome power.
 .Sh FILES
-.Bl -tag -width /etc/pam.conf -compact
-.It Pa /etc/pam.conf
+.Bl -tag -width /etc/pam.d/su -compact
+.It Pa /etc/pam.d/su
 .Nm
-is configured with PAM support; it uses
-.Pa /etc/pam.conf
-entries with service name
-.Dq su
+is configured with PAM support
 .El
 .Sh SEE ALSO
 .Xr csh 1 ,
--- su.1.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->simon 
Responsible-Changed-By: simon 
Responsible-Changed-When: Sun Sep 12 20:02:06 GMT 2004 
Responsible-Changed-Why:  
I will take this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70616 
Responsible-Changed-From-To: simon->brd 
Responsible-Changed-By: brd 
Responsible-Changed-When: Thu Jun 2 23:03:58 GMT 2005 
Responsible-Changed-Why:  
Simon is too busy with all his new responsibilities and I want to get my feet wet with man pages, so steal this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70616 

From: Brad Davis <so14k@so14k.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/70616: [patch] incompleteness and error in su(1) man page
Date: Thu, 30 Jun 2005 10:58:01 -0600

 I made the following patch to address the fact that this is the default
 still, but it can be changed.
 
 
 
 --- src-ori/usr.bin/su/su.1	Thu Jun 30 10:17:59 2005
 +++ src/usr.bin/su/su.1	Thu Jun 30 10:43:37 2005
 @@ -53,6 +53,13 @@
  A shell is then executed.
  .Pp
  PAM is used to set all policy.
 +In particular, by default only users in group
 +.Dq wheel
 +may use
 +.Nm
 +to switch to UID 0
 +.Dq ( root ) .
 +This can be changed by modifying PAM's config.
  .Pp
  By default, the environment is unmodified with the exception of
  .Ev USER ,
 
State-Changed-From-To: open->closed 
State-Changed-By: brd 
State-Changed-When: Tue Jan 31 20:34:52 UTC 2006 
State-Changed-Why:  
Slightly different change committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70616 
>Unformatted:
