Thanks to everyone's help I got this licked quickly! Most people suggested I'd been hacked. I had considered this myself although due to our firewall config it would have been somewhat difficult plus I'm very good about keeping everything patched. In the end it turned out to be a configuration error. The first hint was when I started checking the pam config (thanks to everyone for that hint). /etc/pam.d/system-auth turned out to be the trouble. I replaced this with a copy from another server which wasn't having issues and suddenly everything started working properly again. However I came in today and I was having problems again! Eventually I tracked everything down to msec, a package distributed with Mandrake to help with security checking and configuration. msec had its security level set to '0' and was changing pam's configuration to basically have no restrictions. My fault, I was trying to figure out some errors that msec was throwing into my system log about the same time I did the webmin update last week. Pays to keep notes of what you've changed! Other helpful hints I got: - make sure root has a password set (it did) - make sure that su hasn't been replaced with a trojan - verify rpm packages to make sure files belonging to them haven't been altered - check to see if the UID field has been changed to '0' for any users Thanks to everyone for their help! Original problem: su stopped asking for a password when switching to root or any other user. _______________________________________________ LinuxManagers mailing list - http://www.linuxmanagers.org submissions: LinuxManagers@linuxmanagers.org subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers