Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 81175

Summary: shadow has incorrect /etc/login.defs when pam removed - prevents su even when in wheel (SU_WHEEL_ONLY)
Product: Gentoo Linux Reporter: Adam <richard.adam>
Component: [OLD] Core systemAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Adam 2005-02-07 16:07:09 UTC 
I really want to get rid of pam so I unmerged it (apparently USE="-pam" isn't sufficient), then I re-emerged shadow as a thread in the forums suggested.  The file /etc/login.defs, which now belongs to the shadow package, afterwards had SU_WHEEL_ONLY set to yes.  However, I was unable to su to root, even though I was in wheel, until I set it to no.  But after doing that even people not in wheel could su to root.

The comment above the variable in that file suggests that it has nothing to do with the wheel group.

A way to fix this would be to set SU_WHEEL_ONLY to no and create a /etc/suauth with the line:
root:ALL EXCEPT GROUP wheel:DENY
Then the correct behaviour would still happen without pam.

This has been discussed on the forum thread:
http://forums.gentoo.org/viewtopic.php?t=246959
though there isn't really any extra information related to the bug there.


Reproducible: Always
Steps to Reproduce:
1.Remove pam
2.Re-install shadow

Actual Results:  
Can't su to root even when in wheel

Expected Results:  
Can su to root if and only if you're in wheel

adam>emerge info
Portage 2.0.51-r15 (default-linux/x86/2004.3, gcc-3.3.5,
glibc-2.3.3.20040420-r2, 2.6.10-gentoo-r6 i686)
=================================================================
System uname: 2.6.10-gentoo-r6 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4 [2.3.4 (#1, Feb  3 2005, 16:53:49)]
ccache version 2.3 [enabled]
dev-lang/python:     2.3.4
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.4.21-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks nostrip sandbox sfperms strict
userpriv usersandbox"
GENTOO_MIRRORS="http://adelie.polymtl.ca/ http://gentoo.mirrors.pair.com/
ftp://gentoo.mirrors.pair.com/ http://mirror.datapipe.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow X alsa arts avi bitmap-fonts cdr crypt cscope cups dvd encode f77
fam font-server foomaticdb gdbm gif gpm gtk2 imagemagick imlib java jpeg kde
libg++ libwww mmx mpeg mysql ncurses oggvorbis pdflib perl png ppds qt quicktime
readlinescanner sdl ssl tcpd tiff truetype truetype-fonts type1-fonts usb xml2
xmms xprint zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 1 Gregorio Guidi (RETIRED) gentoo-dev 2005-02-10 03:16:48 UTC 

*** This bug has been marked as a duplicate of 80345 ***