Bug 176033
Summary: | su fails | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Woodhouse <dwmw2> | ||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | rawhide | CC: | tmraz, twaugh | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | current | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-03-16 03:35:20 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
David Woodhouse
2005-12-17 22:50:40 UTC
What version of coreutils, and of pam? 20051217 rawhide: coreutils-5.93-4.1.ppc pam-0.99.2.1-2.ppc pam-0.99.2.1-2.ppc64 Seems to be a pam issue, according to one of the fedora mailing lists. Can you please attach a strace of it? It should be good enough to attach to the su process when it is asking for a password. (Of course change the password before that so it isn't valuable.) I cannot reproduce this issue on rawhide i386 with coreutils-5.93-4.1 and pam-0.99.2.1-2 with SELinux disabled. So it might even be a ppc only problem. I can't reproduce it any more either. There exists a possibility that I just mistyped the password _repeatedly_ and then happened to get it right the first time I tried to 'ssh root@localhost' instead. Or maybe there was something wrong with the system date, which has been known to make PAM unhappy. Either way, I think we can close this. Apologies for the noise. I lie. It happens again on a clean install, although this time I'm inclined to blame selinux and I'm fairly sure I'd booted with 'selinux=0' last time, because I didn't think the system would boot at all without it. Created attachment 122431 [details]
strace
Yep, this is selinux preventing pam_unix to read /etc/shadow (which is right), but then it prevents it to run /sbin/unix_chkpwd (which should be allowed). This is a known problem in labeling the homedirs in the install restorecon -R -v /root /home Should clean it up. Hopefully tonights rawhide will fix the problem. Fixed in selinux-policy-2.1.6-19 Also coreutils is changed to not use selinux for su any longer. Closing several old modified bugs |