448016 – su does not work in 5.2

Bug 448016 - su does not work in 5.2

Summary: su does not work in 5.2

Keywords:
Status:	CLOSED DUPLICATE of bug 448014
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	nss_ldap
Sub Component:
Version:	5.2
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-05-22 21:55 UTC by Stephen John Smoogen
Modified:	2010-06-30 15:18 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-06-30 15:18:20 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Stephen John Smoogen 2008-05-22 21:55:47 UTC

Description of problem:

1) Users can not su to root in 5.2 (could do so in RHL 5.1 and beta).
2) Root can su to other users.

The su process will accept a password, pause and then fail with 'incorrect user'.

I have checked /etc/pam.d/su and that is not the problem:

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         optional        pam_xauth.so

The only thing I can come up with currently is that it might have something to
do with ldap users.

Comment 1 Stephen John Smoogen 2008-05-22 22:16:37 UTC

Moving to nss_ldap as emails from others affected see the problem fixed with
changing that component.

Comment 2 Garrett 2008-05-28 18:23:29 UTC

I'm also having a similar problem, and have an ldap system too. I don't get the
error, but it simply won't allow me to be root. Modifying the /etc/pam.d/su file
to this didn't help.

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            sufficient      pam_ldap.so
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         sufficient      pam_ldap.so
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         sufficient      pam_ldap.so
session         optional        pam_xauth.so

Comment 3 Joel Eidsath 2008-05-29 21:42:11 UTC

This is an nss_ldap issue. su failed on our RHEL 5 systems, as well as pipes and
backticking in bash.

Running system-config-authentication, enabling user caching (and chkconfiging
nscd on if necessary) fixed the problem for us.

Comment 4 Nalin Dahyabhai 2010-06-30 15:18:20 UTC

This looks like a duplicate of bug #448014, which was fixed in nss_ldap-253-13.el5_2.1.  Please reopen this report if this update did not resolve the problem.  Thanks!

*** This bug has been marked as a duplicate of bug 448014 ***

Note You need to log in before you can comment on or make changes to this bug.