Red Hat Bugzilla – Bug 368721
PAM *-l files undocumented
Last modified: 2008-03-13 03:45:37 EDT
Description of problem:
The /etc/pam.d/su-l and /etc/pam.d/runuser-l files appear to be completely
undocumented. The files themselves have no comments. The
/usr/share/doc/coreutils-6.9 files don't mention them. The man pages don't
mention them. The info pages say "this command has PAM support" but then point
the user at the plain 'su' and 'runuser' files, ignoring the *-l variants.
Version-Release number of selected component (if applicable): 6.9-3.fc7
Steps to Reproduce:
1. See "su-l" mentioned in logwatch report.
2. Fail to find explanation anywhere in docs, --help, FAQs, bug lists.
3. Become mildly annoyed at the presence of undocumented /etc files.
4. Become slightly alarmed at "su-l" appearing in strings(1) output on /bin/su
with no explanation.
I had to look at coreutils-split-pam.patch in the srpm to confirm my guess that
these files had something to do with the -l option.
I would have expected the parts of the docs that mention PAM support in the
first place to include "If the -l option is given, the corresponding *-l PAM
file will be used instead. By default, these include the base PAM file and then
add some additional blahblahblah..."
Added a bit words about those runuser-l and su-l files with different PAM file
to man pages of coreutils-6.10-1.fc9 (now built in RAWHIDE).
coreutils-6.9-7.fc7 has been submitted as an update for Fedora 7
coreutils-6.9-7.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update coreutils'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-2333
coreutils-6.9-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.