Bug 448016 – su does not work in 5.2

Bug 448016 - su does not work in 5.2

Summary:	su does not work in 5.2

Status:	CLOSED DUPLICATE of bug 448014

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	nss_ldap (Show other bugs)
Sub Component:
Version:	5.2
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Nalin Dahyabhai
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2008-05-22 17:55 EDT by Stephen John Smoogen
Modified:	2010-06-30 11:18 EDT (History)
CC List:	6 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-06-30 11:18:20 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Stephen John Smoogen 2008-05-22 17:55:47 EDT

Description of problem:

1) Users can not su to root in 5.2 (could do so in RHL 5.1 and beta).
2) Root can su to other users.

The su process will accept a password, pause and then fail with 'incorrect user'.

I have checked /etc/pam.d/su and that is not the problem:

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         optional        pam_xauth.so

The only thing I can come up with currently is that it might have something to
do with ldap users.

Comment 1 Stephen John Smoogen 2008-05-22 18:16:37 EDT

Moving to nss_ldap as emails from others affected see the problem fixed with
changing that component.

Comment 2 Garrett 2008-05-28 14:23:29 EDT

I'm also having a similar problem, and have an ldap system too. I don't get the
error, but it simply won't allow me to be root. Modifying the /etc/pam.d/su file
to this didn't help.

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            sufficient      pam_ldap.so
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         sufficient      pam_ldap.so
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         sufficient      pam_ldap.so
session         optional        pam_xauth.so

Comment 3 Joel Eidsath 2008-05-29 17:42:11 EDT

This is an nss_ldap issue. su failed on our RHEL 5 systems, as well as pipes and
backticking in bash.

Running system-config-authentication, enabling user caching (and chkconfiging
nscd on if necessary) fixed the problem for us.

Comment 4 Nalin Dahyabhai 2010-06-30 11:18:20 EDT

This looks like a duplicate of bug #448014, which was fixed in nss_ldap-253-13.el5_2.1.  Please reopen this report if this update did not resolve the problem.  Thanks!

*** This bug has been marked as a duplicate of bug 448014 ***

Note You need to log in before you can comment on or make changes to this bug.