Bug 275222 - 14.0-RELEASE su gives root to all users without requesting a password
Summary: 14.0-RELEASE su gives root to all users without requesting a password
Status: Closed Not A Bug
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 14.0-RELEASE
Hardware: amd64 Any
: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2023-11-21 03:58 UTC by iio7
Modified: 2023-11-21 06:08 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description iio7 2023-11-21 03:58:01 UTC
I have just upgraded a bunch of boxes from FreeBSD 13.2 to 14.0-RELEASE and have discovered that all users who types `su` at the terminal will get root access without being asked about a password and without being in the wheel group. This is the case on all boxes.
Comment 1 iio7 2023-11-21 05:17:37 UTC
Sorry, they are in the wheel group, but they do NOT get asked for any password.
Comment 2 iio7 2023-11-21 05:22:27 UTC
I have discovered that using `# passwd` creates a new password and then all users need to type in the password.

On the boxes I have just upgraded from 13.2 to 14.0, the root password has been "removed".
Comment 3 Daniel Tameling 2023-11-21 05:42:33 UTC
When I upgraded there was a merge conflict for /etc/master.passwd. I had to keep the line for root from the old install as that had the password. The new line is the default without one:
  root::0:0::0:0:Charlie &:/root:/bin/sh
The password is the second column and it is empty and the man page says "If the password field is empty, no password will be required to gain access to the machine."
Did something similar happen for you and you used the new file?
Comment 4 iio7 2023-11-21 05:59:44 UTC
(In reply to Daniel Tameling from comment #3)

Actually, yes it did!
Comment 5 Li-Wen Hsu freebsd_committer 2023-11-21 06:03:26 UTC
I think this one can be closed as "not a bug", if there is any further issues, please feel free to reopen this ticket. Thanks!
Comment 6 iio7 2023-11-21 06:08:43 UTC
Yup. Sorry.