Bug 469791
Summary: | su broken fc9 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jonathan Andrews <jon> | ||||||
Component: | coreutils | Assignee: | Ondrej Vasik <ovasik> | ||||||
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 9 | CC: | kdudka, ovasik, pvrabec, twaugh | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | i386 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-11-21 14:41:59 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Jonathan Andrews
2008-11-04 01:53:34 UTC
Thanks for report, I doubt the problem is in coreutils and su. Could you please provide strace of the of the failing command (I guess it could be PAM authentication restriction but I want to be sure before reassigning or closing). Created attachment 322398 [details]
strace for su
strace for su
I've tried building generic su from source, seems its nothing to do with the su code itself its getspnam thats broken ? /etc/shadow first 3 lines. root:$6$7VrkEcKw$EiuWyOjq3uPNAr/lmFm5Ki6T7uL61vINJMVwPIA8OIT/Vgq.jL1mzf0TsjbZS42RoNBBKqClJc.OlIaGgFlDh0:14187:0:99999:7::: bin:*:14185:0:99999:7::: daemon:*:14185:0:99999:7::: Su built from source. [waiman@jonspcc src]$ ./su pw->pw_name=root sp=(null) Correct=x Password: static bool correct_password (const struct passwd *pw) { char *unencrypted, *encrypted, *correct; #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP /* Shadow passwd stuff for SVR3 and maybe other systems. */ struct spwd *sp = getspnam (pw->pw_name); endspent (); if (sp) correct = sp->sp_pwdp; else #endif correct = pw->pw_passwd; printf("pw->pw_name=%s\nsp=%s\nCorrect=%s\n",pw->pw_name,sp,correct); fflush(stdout); if (getuid () == 0 || !correct || correct[0] == '\0') return true; unencrypted = getpass (_("Password:")); if (!unencrypted) { error (0, 0, _("getpass: cannot open /dev/tty")); return false; } encrypted = crypt (unencrypted, correct); memset (unencrypted, 0, strlen (unencrypted)); return STREQ (encrypted, correct); } Could you please attach the content of /etc/pam.d/su and the output of id command? getspnam = shadow-utils ... shadow-utils = pvrabec ... adding to cc - Peter, what do you think about that issue? [root@jonspcc src]# cat /etc/pam.d/su #%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session optional pam_xauth.so From root [root@jonspcc ~]# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) From user [waiman@jonspcc ~]$ id uid=502(waiman) gid=502(waiman) groups=502(waiman) /etc/passwd last 4 lines rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin avahi-autoipd:x:495:491:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin jon:x:501:501::/home/jon:/bin/bash waiman:x:502:502::/home/waiman:/bin/bash [root@jonspcc ~]# uname -a Linux jonspcc 2.6.26.6-79.fc9.i686 #1 SMP Fri Oct 17 14:52:14 EDT 2008 i686 athlon i386 GNU/Linux The machine is a virgin install of fc9 with yum update ran a few times, default settings for yum. Did you try to add yourself to group wheel? # gpasswd -a waiman wheel No difference ! From a simple users perspective (mine!) I should be able to useradd from root, then login and use su without additional steps - its always worked out that way for me before :-) [waiman@jonspcc ~]$ id uid=502(waiman) gid=502(waiman) groups=10(wheel),502(waiman) [waiman@jonspcc ~]$ su Password: su: incorrect password [waiman@jonspcc ~]$ Created attachment 322711 [details]
pam.d/su with debug options
Please try the attached /etc/pam.d/su with debug options and attach the appropriate part of /var/log/secure of successful and unsuccessful login.
Thanks for the attached files, i've tried them but get nothing related to su in /var/log/secure, just the login report from sshd. Its time for me to flush this machine and start again, thanks everyone for your help and time, its time to close this bug and move on. I assume its just me thats suffering this and only on one machine so its probably something i've broken ! Thanks again, looking forward to fc10. Jon |