Summary: | make su and sudo use system-login from sys-auth/pambase | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jakub Moc (RETIRED) <jakub> |
Component: | New packages | Assignee: | PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled> |
Status: | RESOLVED WONTFIX | ||
Severity: | minor | CC: | hans, hoffie, srrijkers |
Priority: | High | ||
Version: | 2007.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 210767 |
Description
Jakub Moc (RETIRED)
2008-03-06 12:09:39 UTC
Half done, sudo-1.6.9_p14 and 1.7_beta3 use system-login rather than system-auth. (In reply to comment #1) > Half done, sudo-1.6.9_p14 and 1.7_beta3 use system-login rather than > system-auth. > It seems that (I could be mistaken however, PAM > me) as a result of this sudo now prints lastlogin/motd whenever I use it (even after it asks it has already asked the password on first invocation) which I find slightly (not not a big deal however) annoying: # sudo echo foo Last login: Fri Mar 21 20:37:06 CET 2008 from magrathea on pts/8 Welcome to Magrathea! foo Is this an oversight/unintended result, or should I just customize my pam files if I don't want this? Same here, I found it quite annoying as well, but one can get used to it. Much more annoying is the recent gdm behaviour change -- it displays a dialog box with lastlogin data every time I log in... Is this intended, unrelated to this bug, or something else? :) Complete ~amd64 here, btw. Ok, I just updated pam to 1.0.0 and sudo now uses system-auth and thus no more motd/lastlogin messages, now that I think about it, maybe I misread Diego's post and the intention was exactly to make it use system-aouth Either way, thanks! Really, why should sudo or su use system-login? Should they have an optional pam_gnome_keyring.so? An optional pam_lastlog.so? An optional pam_mail.so? The problem with gdm is the same, since it actually does use system-login. Why should gdm use pam_mail.so, pam_lastlog.so, or pam_motd.so? So yes, the gdm crap *is* related to using system-login. system-auth is a perfect default: it contains just the things that *should* be inhered by all things pam. The problem with system-login is that it contains all kinds of extra things, making it unsuitable for general inheritance. My question is: what exactly is the point of system-login? It contains way to much stuff to make it suitable as a 'default pam thing for logins'. That would be system-auth's job, for a minimal set of general things. If we want to do all kinds of special things on console/gdm whatever logins, login/gdm/whatever would be the place to specify them. sudo has already backed away, as per GDM, it is interesting how it behaves, but I'd rather not create a new system-console-local-login configuration file, so I'd say look in gdm's way to find a solution. |