Summary: | su doesn't seem to read /etc/suauth | ||
---|---|---|---|
Product: | Gentoo Infrastructure | Reporter: | Wes Morriston <trub9> |
Component: | Bugzilla | Assignee: | John Davis (zhen) (RETIRED) <zhen> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Description
Wes Morriston
2002-06-26 19:31:10 UTC
Gentoo does not use the su from sh-utils but one from the shadow package. The latter is compiled to use PAM for authentication, and I am sure there is a PAM module that will let you do what you are wanting. However, the shadow ebuild should probably still be fixed so that the suauth man page is not installed, since apparently it is not used when PAM is used.

You can do it something like this:

---------------------------------------------------------------
#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so

# If you want to restrict users being allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth       required     /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     /lib/security/pam_wheel.so use_uid

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so
----------------------------------------------------

Hope this helps.
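An added example, not part of the original comment or of the shadow ebuild: a small Python audit of a su PAM stack in the format quoted above, reporting which active `auth` rules let su succeed without a password, which `pam_listfile` rules fail open, and whether the wheel restriction is in force. The sample stack is constructed from the commented-out options above, the function names are hypothetical, and only simple control keywords (`required`, `sufficient`, ...) are handled, not bracketed `[value=action]` controls.

```python
import shlex

# Constructed sample: the su stack quoted above with the wheel "trust" line
# enabled and the allow-list rule changed to onerr=succeed.
SAMPLE = """\
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=succeed file=/etc/security/suauth.allow
auth sufficient /lib/security/pam_wheel.so use_uid trust
#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so
"""

def parse_pam(text):
    """Yield active rules as (type, control, module basename, args dict)."""
    for raw in text.splitlines():
        fields = shlex.split(raw.split("#", 1)[0])  # '#' starts a comment
        if len(fields) < 3:
            continue  # blank line, comment, or disabled rule
        args = dict(a.partition("=")[::2] for a in fields[3:])
        yield fields[0], fields[1], fields[2].rsplit("/", 1)[-1], args

def audit_su(text):
    """Report the su auth rules that skip the password or fail open."""
    report = {"passwordless": [], "fail_open": [], "wheel_required": False}
    for typ, control, module, args in parse_pam(text):
        if typ != "auth":
            continue
        if module == "pam_wheel.so":
            # With "trust", wheel membership alone satisfies a sufficient rule.
            if control == "sufficient" and "trust" in args:
                report["passwordless"].append("wheel group (trust)")
            elif control == "required":
                report["wheel_required"] = True
        elif module == "pam_listfile.so":
            # A sufficient allow-list lets every listed user skip the password.
            if control == "sufficient" and args.get("sense") == "allow":
                report["passwordless"].append(args.get("file", "?"))
            # onerr=succeed passes the rule when the list file is unreadable.
            if args.get("onerr") == "succeed":
                report["fail_open"].append(args.get("file", "?"))
    return report

if __name__ == "__main__":
    print(audit_su(SAMPLE))
```

Commented-out rules are ignored, so the report reflects only what PAM would actually evaluate for su.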