From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Description of problem: we have a 2nd "root" account called "system" which has the same uid/gid as root. a normal user can su to system without giving a password Version-Release number of selected component (if applicable): coreutils-5.2.1-48.1 How reproducible: Always Steps to Reproduce: 1.vipw duplicate the root entry. rename the 2nd on system 2.do the same in the shadow password 3.log in as a normal user 4. su - system Actual Results: and no prompt for a password is given - you just become system Expected Results: should prompt for system password` Additional info:
*** Bug 172847 has been marked as a duplicate of this bug. ***
*** Bug 172848 has been marked as a duplicate of this bug. ***
No, I don't see that behaviour. 1. Have you altered any PAM configuration files? 2. What does 'rpm -V coreutils' say?
1. none 2. nothing at all
Please try these commands as your non-root user: id id -Gn id system id -Gn system su - system id What is the output?
[findlay@jic4147 ~]$ id uid=2026(findlay) gid=2000(comp) groups=2000(comp) context=user_u:system_r:unconfined_t [findlay@jic4147 ~]$ id -Gn comp [findlay@jic4147 ~]$ id system uid=0(system) gid=0(root) groups=0(root) [findlay@jic4147 ~]$ id -Gn system root [findlay@jic4147 ~]$ su - system [system@jic4147 ~]# id uid=0(system) gid=0(root) groups=0(root) context=user_u:system_r:unconfined_t
Please attach these files: /etc/pam.d/su /etc/pam.d/system-auth
[system@jic4147 ~]# cat /etc/pam.d/su #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/$ISA/pam_wheel.so use_uid auth required /lib/security/$ISA/pam_stack.so service=system-auth account required /lib/security/$ISA/pam_stack.so service=system-auth password required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so close must be first session rule session required /lib/security/$ISA/pam_selinux.so close session required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so open and pam_xauth must be last two session rules session required /lib/security/$ISA/pam_selinux.so open multiple session optional /lib/security/$ISA/pam_xauth.so ========================= [system@jic4147 ~]# cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/ $ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_winbind.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so
Please make a copy of your /etc/pam.d/system-auth file like this: cp /etc/pam.d/system-auth $HOME/system-auth-backup Then run the Authentication Configuration tool from the System Settings->Authentication menu item. Click on the Authentication tab and deselect 'Enable Winbind Support'. Click OK to exit the configuration tool. Does the su problem still occur? If so, please repeat the configuration change but this time deselect SMB support and try su again. Which configuration option makes a difference?
I disabled both and rebooted. didn't make any difference I'm afraid. although I had been experimenting with those options, so they might have something to do with the problem. ps su to root prompts for a password as does su to any other username...
Okay. Now open that configuration tool again and go to the authentication tab. Do you have 'Shadow passwords' enabled? Please try enabling them if not.
that fixed it. sorry to have caused you trouble over something that was my mistake :-(