Bug 62432

Summary: su reporting "standard in must be a tty" in sh-utils-2.0.11-12
Product: [Retired] Red Hat Raw Hide Reporter: Jonathan Kamens <jik>
Component: sh-utilsAssignee: wdovlrrw <brosenkr>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0CC: bero, nphilipp
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-04-03 08:38:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 61590, 61925    

Description Jonathan Kamens 2002-04-01 00:22:03 UTC 
I just upgraded to sh-utils-2.0.11-12.  Now, /etc/cron.hourly/inn-cron-nntpsend
and /etc/cron.hourly/inn-cron-rnews are failing with "standard in must be a
tty".  They both use "su - news -c <whatever>".  The problem seems to occur even
if I delete the "-", i.e., "su news" instead of "su - news".

Either this new behavior needs to be removed from su, or anything which uses "su
<whatever>" as root in a non-interactive job needs to be fixed to use some other
mechanism.
Comment 1 Bernhard Rosenkraenzer 2002-04-02 10:23:51 UTC 
*** Bug 62513 has been marked as a duplicate of this bug. ***
Comment 2 Bernhard Rosenkraenzer 2002-04-02 10:27:45 UTC 
This is because of the fix for bug #61925 (which requested that root should  
not be able to su to other users unless the pam files state so).  
 
The error message is coming from pam despite the 
 
auth sufficient /lib/security/pam_rootok.so 
 
line in /etc/pam.d/su. 
 
Bug in pam?
Comment 3 Nalin Dahyabhai 2002-04-02 15:43:23 UTC 
Erm, no.  Excerpt from su in sh-utils-2.0.11-11:

  if (getuid () == 0)
    return 1;

  if (!isatty(0)) {
        fprintf(stderr, "standard in must be a tty\n");
        exit(1);
  }

The section from -12:

  if (!isatty(0)) {
        fprintf(stderr, "standard in must be a tty\n");
        exit(1);
  }

The original code apparently allowed the superuser to use su without a tty, but
not any other users.  The misc_conv() function used by PAM only warns when stdin
isn't a TTY.  If this is enough (the case we looked at was cron, where text
piped to "su" won't normally be echoed, so it probably is enough), then you can
just remove this check.
Comment 4 Bill Nottingham 2002-04-02 20:35:12 UTC 
*** Bug 62546 has been marked as a duplicate of this bug. ***
Comment 5 Bernhard Rosenkraenzer 2002-04-08 15:51:24 UTC 
Fixed in -14