I know how to enable su without a password for all wheel group users by adding the appropriate configuration line in /etc/pam.d/su.
I do not want to enable this for all wheel users but only one particular user.
I am using FreeBSD 8.1. How do I do this?
UPDATE in response to comments below
This is a pfSense box. Underlying OS is FreeBSD 8.1 but as usual for pfSense a lot of functionality is missing, notably the entire ports collection. I wish to have one privileged user (in wheel group) able to invoke su - without having to type the root password. Enabling this for all wheel users using PAM is easy. I do not know the correct PAM configuration to allow bypassing the password for one particular user. I am constrained by company policy in how much alteration I can make. This is a running, mission-critical machine and I cannot take the risk of accidentally bringing it down. I have inherited administration of this machine but radical changes to its configuration are not practicable or permissible at this present time. I have PAM; I don’t have sudo. I wish I did, but I don’t.
Does FreeBSD have user private groups? If not, create a group and put only that user in it. Then in /etc/pam.d/su add something like
auth sufficient pam_group.so no_warn group=foo
where foo is the group name.
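A check worth running before relying on a line like the one in the answer above: this added example (not part of the original answer) lists every account that a `sufficient pam_group.so group=...` line would cover. It assumes pam_group counts an account whose primary GID is the group as a member, so both the group file and the passwd file are read; the users alice, bob and carol and all file contents are constructed.

```shell
# Added example: audit who a "sufficient pam_group.so group=NAME" line covers.
# Groups named on "auth sufficient pam_group.so ... group=NAME" lines of PAM file $1.
sufficient_groups() {
    awk '$1 == "auth" && $2 == "sufficient" && $3 ~ /pam_group\.so$/ {
        for (i = 4; i <= NF; i++) if ($i ~ /^group=/) print substr($i, 7)
    }' "$1"
}

# Accounts in group $1: members listed in group file $2, plus accounts whose
# primary GID in passwd file $3 is that group's GID (assumed to count as members).
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        if [ -n "$gid" ]; then awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"; fi
    } | sort -u
}

# audit_su PAM_FILE GROUP_FILE PASSWD_FILE USER
# Returns 0 only if every group found above contains exactly USER.
audit_su() {
    rc=0
    for g in $(sufficient_groups "$1"); do
        members=$(group_members "$g" "$2" "$3" | tr '\n' ' ')
        if [ "$members" != "$4 " ]; then
            echo "group $g covers: ${members}(expected only $4)" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not from a real system), written to directory $1.
make_sample() {
    printf '%s\n' '# auth' 'auth sufficient pam_rootok.so no_warn' \
        'auth sufficient pam_group.so no_warn group=foo' \
        'auth requisite pam_group.so no_warn group=wheel root_only fail_safe' > "$1/su"
    printf '%s\n' 'wheel:*:0:root,alice,bob' 'foo:*:1005:alice' > "$1/group"
    printf '%s\n' 'alice:*:1001:1001::/home/alice:/bin/sh' \
        'bob:*:1002:1002::/home/bob:/bin/sh' \
        'carol:*:1003:1005::/home/carol:/bin/sh' > "$1/passwd"
}

d=$(mktemp -d /tmp/suaudit.XXXXXX) && make_sample "$d"
audit_su "$d/su" "$d/group" "$d/passwd" alice || echo "review membership of the group"
rm -rf "$d"
```

In the constructed data the audit fails because carol's primary GID is the GID of foo, even though only alice is listed as a member in the group file.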