Bug 61925

Summary: PAM/SU behaviour is worrying with regards to root user
Product: [Retired] Red Hat Linux Reporter: Alan Cox <alan>
Component: sh-utilsAssignee: wdovlrrw <brosenkr>
Status: CLOSED RAWHIDE QA Contact: Aaron Brown <abrown>
Severity: high Docs Contact:
Priority: high    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-04-08 15:51:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 62432    
Bug Blocks: 61901    

Description Alan Cox 2002-03-26 00:03:23 UTC 
edit /etc/pam.d/su
Comment out the entry for auth sufficient pam_rootok

(Not wanting root to be able to su - this makes sense with stuff like RSBAC)

su someuser
[no password is requested]
%

I'd really expect this to fail the su
Comment 1 Bill Nottingham 2002-03-26 19:46:33 UTC 
It could be possible that the check for root is in su itself and not in pam.
Comment 2 Bill Nottingham 2002-03-26 19:47:59 UTC 
In fact, it is...
Comment 3 Bernhard Rosenkraenzer 2002-03-27 17:28:23 UTC 
Fixed in -12
Comment 4 Bernhard Rosenkraenzer 2002-04-02 10:37:25 UTC 
Reverted the fix because it introduces a much much worse problem (Bug #62432).
Comment 5 Bernhard Rosenkraenzer 2002-04-02 10:43:38 UTC 
Setting to NEEDINFO for resolution of #62432
Comment 6 Bernhard Rosenkraenzer 2002-04-08 15:52:17 UTC 
Fixed in -14