Bug 172846
Summary: | su does not prompt for password on copy of root | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bob Findlay <bob.findlay> |
Component: | coreutils | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
URL: | http:// | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-11-14 16:43:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bob Findlay
2005-11-10 15:32:51 UTC
*** Bug 172847 has been marked as a duplicate of this bug. *** *** Bug 172848 has been marked as a duplicate of this bug. *** No, I don't see that behaviour. 1. Have you altered any PAM configuration files? 2. What does 'rpm -V coreutils' say? 1. none 2. nothing at all Please try these commands as your non-root user: id id -Gn id system id -Gn system su - system id What is the output? [findlay@jic4147 ~]$ id uid=2026(findlay) gid=2000(comp) groups=2000(comp) context=user_u:system_r:unconfined_t [findlay@jic4147 ~]$ id -Gn comp [findlay@jic4147 ~]$ id system uid=0(system) gid=0(root) groups=0(root) [findlay@jic4147 ~]$ id -Gn system root [findlay@jic4147 ~]$ su - system [system@jic4147 ~]# id uid=0(system) gid=0(root) groups=0(root) context=user_u:system_r:unconfined_t Please attach these files: /etc/pam.d/su /etc/pam.d/system-auth [system@jic4147 ~]# cat /etc/pam.d/su #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/$ISA/pam_wheel.so use_uid auth required /lib/security/$ISA/pam_stack.so service=system-auth account required /lib/security/$ISA/pam_stack.so service=system-auth password required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so close must be first session rule session required /lib/security/$ISA/pam_selinux.so close session required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so open and pam_xauth must be last two session rules session required /lib/security/$ISA/pam_selinux.so open multiple session optional /lib/security/$ISA/pam_xauth.so ========================= [system@jic4147 ~]# cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/ $ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_winbind.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so Please make a copy of your /etc/pam.d/system-auth file like this: cp /etc/pam.d/system-auth $HOME/system-auth-backup Then run the Authentication Configuration tool from the System Settings->Authentication menu item. Click on the Authentication tab and deselect 'Enable Winbind Support'. Click OK to exit the configuration tool. Does the su problem still occur? If so, please repeat the configuration change but this time deselect SMB support and try su again. Which configuration option makes a difference? I disabled both and rebooted. didn't make any difference I'm afraid. although I had been experimenting with those options, so they might have something to do with the problem. ps su to root prompts for a password as does su to any other username... Okay. Now open that configuration tool again and go to the authentication tab. Do you have 'Shadow passwords' enabled? Please try enabling them if not. that fixed it. sorry to have caused you trouble over something that was my mistake :-( |