I have just upgraded a bunch of boxes from FreeBSD 13.2 to 14.0-RELEASE and have discovered that all users who types `su` at the terminal will get root access without being asked about a password and without being in the wheel group. This is the case on all boxes.
Sorry, they are in the wheel group, but they do NOT get asked for any password.
I have discovered that using `# passwd` creates a new password and then all users need to type in the password.
On the boxes I have just upgraded from 13.2 to 14.0, the root password has been "removed".
When I upgraded there was a merge conflict for /etc/master.passwd. I had to keep the line for root from the old install as that had the password. The new line is the default without one:
The password is the second column and it is empty and the man page says "If the password field is empty, no password will be required to gain access to the machine."
Did something similar happen for you and you used the new file?
(In reply to Daniel Tameling from comment #3)
Actually, yes it did!
I think this one can be closed as "not a bug", if there is any further issues, please feel free to reopen this ticket. Thanks!