Bug 152420 - su doesn't work for root on expired accounts
Summary: su doesn't work for root on expired accounts
Alias: None
Product: Fedora
Classification: Fedora
Component: coreutils   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-03-29 11:58 UTC by Karel Zak
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version: coreutils-5.97-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-11 18:28:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Karel Zak 2005-03-29 11:58:32 UTC
# usermod -e 1990-01-01 smith
# su - smith
Your account has expired; please contact your system administrator
su: incorrect password
# usermod -e 2010-01-01 smith
# su - smith

I think for UID=0 should be possible do 'su' for all accounts include expired
accounts too. The message "...contact your system administrator" is funny if
you're root :-)

Comment 1 Tomas Mraz 2005-03-29 12:05:46 UTC
You can add a line with "account    sufficient   pam_succeed_if.so uid=0 use_uid
to the /etc/pam.d/su before the account required line. This will enable su-ing
into the expired accounts from root (uid 0).

Comment 2 Matthew Miller 2006-07-10 23:39:56 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Comment 3 Tomas Mraz 2006-07-11 06:25:14 UTC
This still applies.

Note You need to log in before you can comment on or make changes to this bug.