Bug #1226

su is asking superuser for password

Added by dennis.melentyev over 5 years ago. Updated about 5 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Hi community,

After the last upgrade on Jan' 4th to:

dennis@dfly> uname -a
DragonFly dfly.melent.local 2.1.1-DEVELOPMENT DragonFly
2.1.1-DEVELOPMENT #1: Sun Jan 4 04:51:33 EET 2009
:/usr/obj/usr/src/sys/GENERIC i386

su started asking for a password while su'ing from root to less
privileged users.

Steps to reproduce:
1. login as regular user
2. dennis@dfly> sudo su -
Password:
3. root@dfly# su bind
Password: <just enter>
pam_unix: pam_sm_authenticate: UNIX authentication refused
su: Sorry

bind:*:53:53:Bind Sandbox:/:/sbin/nologin

This could be a sude-effect of Peter Avalos' recent commits (or
missing some of his latest commits)

PS. For the moment, system is upgraded one more time, to Jan'7th
state. Same results.
--
Dennis Melentyev

History

#1 Updated by pavalos over 5 years ago

Did you do a 'make upgrade'?

I'm guessing you don't have the pam configuration files in pam.d/, but
if you do, let us know.

--Peter

#2 Updated by dennis.melentyev over 5 years ago

Hi Peter,
I did make upgrade. But never touched /etc/pam.d content.

For now, it is:
dennis@dfly (xterm) > ll /etc/pam.d/
total 26
-rw-r--r-- 1 root wheel 2901 Sep 24 23:47 README
-rw-r--r-- 1 root wheel 3274 Sep 24 23:47 convert.sh
-rw-r--r-- 1 root wheel 335 Sep 24 23:47 ftpd
-rw-r--r-- 1 root wheel 302 Sep 24 23:47 gdm
-rw-r--r-- 1 root wheel 165 Sep 24 23:47 imap
-rw-r--r-- 1 root wheel 431 Sep 24 23:47 login
-rw-r--r-- 1 root wheel 214 Sep 24 23:47 other
-rw-r--r-- 1 root wheel 165 Sep 24 23:47 pop3
-rw-r--r-- 1 root wheel 388 Sep 24 23:47 sshd
-rw-r--r-- 1 root wheel 171 Sep 24 23:47 telnetd
-rw-r--r-- 1 root wheel 300 Sep 24 23:47 xdm

Not sure it is Ok, since files are dated Sep 24.

PS. Just ran "make upgrade" one more time. No change.

#3 Updated by pavalos over 5 years ago

Ah, yes I see what's happening. We don't just blindly install the files
into that directory, since it could be locally modified. If you don't
have any local modifications in /etc/pam.d/ your best bet is to:

cd /usr/src/etc
make install

If you do have local mods, you can do the above, but you'll have to redo
those changes. Otherwise, your other option is to use mergemaster -s.

--Peter

#4 Updated by corecode over 5 years ago

You need /usr/src/etc/pam.d

cheers
simon

#5 Updated by pavalos over 5 years ago

Yeh, sorry about that:

cd /usr/src/etc/pam.d
make install

#6 Updated by justin over 5 years ago

Should this go in /usr/src/UPDATING?

#7 Updated by pavalos over 5 years ago

How's this look?

------------
The PAM modules and some userland utilities were changed to become PAM-aware.
The configuration files in /etc/pam.d/ need to be updated for the change. If
there are no local modifications in /etc/pam.d/, the easiest thing to do is:

cd /usr/src/etc/pam.d
make install

The configuration files may also be updated with 'mergemaster -s'.
------------

--Peter

#8 Updated by justin over 5 years ago

On Sun, January 11, 2009 10:19 pm, Peter Avalos wrote:

This is great - if for no other reason than I know I'll upgrade
shiningsilence.com at some point and have totally forgotten about this.

#9 Updated by dennis.melentyev over 5 years ago

Thanks guys!

cd /usr/src/etc/pam.d && make install worked just perfectly for me.
I had no local modifications, so no reason to bother about merging.

Please, close this issue.

/dennis

#10 Updated by dillon over 5 years ago

:Peter Avalos <> added the comment:
:
:How's this look?
:
:------------
:The PAM modules and some userland utilities were changed to become PAM-awar=
:e=2E
:The configuration files in /etc/pam.d/ need to be updated for the change. =
:If
:there are no local modifications in /etc/pam.d/, the easiest thing to do is:
:
: cd /usr/src/etc/pam.d
: make install
:
:The configuration files may also be updated with 'mergemaster -s'.
:------------
:
:--Peter

Ick. make upgrade should either do the required work or it should
work the user at the end that work needs to be done. That's the
whole point of having a make upgrade.

-Matt

#11 Updated by pavalos about 5 years ago

8424467a03e42b42f2e4fb15bdc8cccb301aa1da should fix this.

Also available in: Atom PDF