Project

General

Profile

Actions

Bug #1226

closed

su is asking superuser for password

Added by dennis.melentyev about 15 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Hi community,

After the last upgrade on Jan' 4th to:

dennis@dfly> uname -a
DragonFly dfly.melent.local 2.1.1-DEVELOPMENT DragonFly
2.1.1-DEVELOPMENT #1: Sun Jan 4 04:51:33 EET 2009
:/usr/obj/usr/src/sys/GENERIC i386

su started asking for a password while su'ing from root to less
privileged users.

Steps to reproduce:
1. login as regular user
2. dennis@dfly> sudo su -
Password:
3. root@dfly# su bind
Password: <just enter>
pam_unix: pam_sm_authenticate: UNIX authentication refused
su: Sorry

bind:*:53:53:Bind Sandbox:/:/sbin/nologin

This could be a sude-effect of Peter Avalos' recent commits (or
missing some of his latest commits)

PS. For the moment, system is upgraded one more time, to Jan'7th
state. Same results.
--
Dennis Melentyev

Actions #1

Updated by pavalos about 15 years ago

Did you do a 'make upgrade'?

I'm guessing you don't have the pam configuration files in pam.d/, but
if you do, let us know.

--Peter

Actions #2

Updated by dennis.melentyev about 15 years ago

Hi Peter,
I did make upgrade. But never touched /etc/pam.d content.

For now, it is:
dennis@dfly (xterm) > ll /etc/pam.d/
total 26
rw-r--r- 1 root wheel 2901 Sep 24 23:47 README
rw-r--r- 1 root wheel 3274 Sep 24 23:47 convert.sh
rw-r--r- 1 root wheel 335 Sep 24 23:47 ftpd
rw-r--r- 1 root wheel 302 Sep 24 23:47 gdm
rw-r--r- 1 root wheel 165 Sep 24 23:47 imap
rw-r--r- 1 root wheel 431 Sep 24 23:47 login
rw-r--r- 1 root wheel 214 Sep 24 23:47 other
rw-r--r- 1 root wheel 165 Sep 24 23:47 pop3
rw-r--r- 1 root wheel 388 Sep 24 23:47 sshd
rw-r--r- 1 root wheel 171 Sep 24 23:47 telnetd
rw-r--r- 1 root wheel 300 Sep 24 23:47 xdm

Not sure it is Ok, since files are dated Sep 24.

PS. Just ran "make upgrade" one more time. No change.

Actions #3

Updated by pavalos about 15 years ago

Ah, yes I see what's happening. We don't just blindly install the files
into that directory, since it could be locally modified. If you don't
have any local modifications in /etc/pam.d/ your best bet is to:

cd /usr/src/etc
make install

If you do have local mods, you can do the above, but you'll have to redo
those changes. Otherwise, your other option is to use mergemaster -s.

--Peter

Actions #4

Updated by corecode about 15 years ago

You need /usr/src/etc/pam.d

cheers
simon

Actions #5

Updated by pavalos about 15 years ago

Yeh, sorry about that:

cd /usr/src/etc/pam.d
make install

Actions #6

Updated by justin about 15 years ago

Should this go in /usr/src/UPDATING?

Actions #7

Updated by pavalos about 15 years ago

How's this look?

------------
The PAM modules and some userland utilities were changed to become PAM-aware.
The configuration files in /etc/pam.d/ need to be updated for the change. If
there are no local modifications in /etc/pam.d/, the easiest thing to do is:

cd /usr/src/etc/pam.d
make install

The configuration files may also be updated with 'mergemaster s'.
-----------

--Peter

Actions #8

Updated by justin about 15 years ago

On Sun, January 11, 2009 10:19 pm, Peter Avalos wrote:

This is great - if for no other reason than I know I'll upgrade
shiningsilence.com at some point and have totally forgotten about this.

Actions #9

Updated by dennis.melentyev about 15 years ago

Thanks guys!

cd /usr/src/etc/pam.d && make install worked just perfectly for me.
I had no local modifications, so no reason to bother about merging.

Please, close this issue.

/dennis

Actions #10

Updated by dillon about 15 years ago

:Peter Avalos <> added the comment:
:
:How's this look?
:
:------------
:The PAM modules and some userland utilities were changed to become PAM-awar=
:e=2E
:The configuration files in /etc/pam.d/ need to be updated for the change. =
:If
:there are no local modifications in /etc/pam.d/, the easiest thing to do is:
:
: cd /usr/src/etc/pam.d
: make install
:
:The configuration files may also be updated with 'mergemaster s'.
:-----------

:
:--Peter

Ick.  make upgrade should either do the required work or it should
work the user at the end that work needs to be done. That's the
whole point of having a make upgrade.
-Matt
Actions #11

Updated by pavalos about 15 years ago

8424467a03e42b42f2e4fb15bdc8cccb301aa1da should fix this.

Actions

Also available in: Atom PDF