152420 – su doesn't work for root on expired accounts

Bug 152420 - su doesn't work for root on expired accounts

Summary: su doesn't work for root on expired accounts

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coreutils
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tim Waugh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-03-29 11:58 UTC by Karel Zak
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:	coreutils-5.97-3
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-07-11 18:28:48 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Karel Zak 2005-03-29 11:58:32 UTC

# usermod -e 1990-01-01 smith
# su - smith
Your account has expired; please contact your system administrator
su: incorrect password
# usermod -e 2010-01-01 smith
# su - smith
$

I think for UID=0 should be possible do 'su' for all accounts include expired
accounts too. The message "...contact your system administrator" is funny if
you're root :-)

Comment 1 Tomas Mraz 2005-03-29 12:05:46 UTC

You can add a line with "account    sufficient   pam_succeed_if.so uid=0 use_uid
quiet"
to the /etc/pam.d/su before the account required line. This will enable su-ing
into the expired accounts from root (uid 0).

Comment 2 Matthew Miller 2006-07-10 23:39:56 UTC

Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Comment 3 Tomas Mraz 2006-07-11 06:25:14 UTC

This still applies.

Note You need to log in before you can comment on or make changes to this bug.