From 52a3a1928ee05459b0b6a4c1c9cc21ade60cd0e8 Mon Sep 17 00:00:00 2001
From: Brad Davis <brd@FreeBSD.org>
Date: Sat, 28 Jan 2006 01:11:11 +0000
Subject: [PATCH] - Mention that users need to be in the wheel group to `su -
 root' by default, and how to change it.

PR:		docs/70616
Submitted by:	Jilles Tjoelker <jilles at stack dot nl>
Reviewed by:	ru@
Approved by:	ceri@
MFC after:	3 days
---
 usr.bin/su/su.1 | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/usr.bin/su/su.1 b/usr.bin/su/su.1
index e44d639b1e00..9cfc82aadef2 100644
--- a/usr.bin/su/su.1
+++ b/usr.bin/su/su.1
@@ -32,7 +32,7 @@
 .\"	@(#)su.1	8.2 (Berkeley) 4/18/94
 .\" $FreeBSD$
 .\"
-.Dd October 3, 2004
+.Dd January 27, 2006
 .Dt SU 1
 .Os
 .Sh NAME
@@ -52,7 +52,20 @@ and switches to that user ID
 (the default user is the superuser).
 A shell is then executed.
 .Pp
-PAM is used to set all policy.
+PAM is used to set the policy
+.Xr su 1
+will use.
+In particular, by default only users in the
+.Dq Li wheel
+group can switch to UID 0
+.Pq Dq Li root .
+This group requirement may be changed by modifying the 
+.Dq Li pam_group
+section of 
+.Pa /etc/pam.d/su .
+See 
+.Xr pam_group 8
+for details on how to modify this setting.
 .Pp
 By default, the environment is unmodified with the exception of
 .Ev USER ,
@@ -220,7 +233,8 @@ Simulate a login for root.
 .Xr login.conf 5 ,
 .Xr passwd 5 ,
 .Xr environ 7 ,
-.Xr pam 8
+.Xr pam 8 ,
+.Xr pam_group 8
 .Sh HISTORY
 A
 .Nm