>>> How can a user 'su' without knowing the root password?
>>
>> sudo (see /pkgsrc/security/sudo) implements this if you like to; you
>> have to enable this using 'visudo' (thus editing sudo's config file):
>> [...]
>
> No need for this; see su(1):
>
> COMPILATION OPTIONS
>      Several compilation time options are available that alter the 
> program's
>      behavior.  These options are:
>
>      SU_GROUP           If defined, it changes the default group that 
> is
>                         allowed to become ``root'' from ``wheel'' to 
> the spec-
>                         ified string.
>
>      SU_ROOTAUTH        If defined, it specifies a group whose members 
> are
>                         allowed to become ``root'' by supplying their 
> own
>                         password instead of the ``root'' one.
>
>
> - Klaus

thanks, that's true -- but requires recompilation of su(1).

regards,

timo