Re: [cobalt-users] SU from user other than a member of wheel
- Subject: Re: [cobalt-users] SU from user other than a member of wheel
- From: Greg Hewitt-Long <greg@xxxxxxxxxxxxxxxxxxx>
- Date: Sat Feb 2 14:07:00 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>To have this your file /etc/pam.d/su should include these two lines:
>
> auth sufficient /lib/security/pam_rootok.so debug
> auth required /lib/security/pam_wheel.so group=wheel
Can someone publish the correct /etc/pam.d/su file, coz mine has a bunch of stuff in it that I'm not so sure about, and I'm not 100% about some of the lines.
The RAQ in question is a RAQ3 with OS2 on it.
The reason I'm a little wary about this, is that it USED to work this way, and I'm not 100% at what point it STOPPED working this way. btw - none of the dates on the files on this raq3 mean anything significant, but without a doubt, this behavior has CHANGED.
Am I just being a little paranoid when I get worried about seeing references to cracklib all over the place in pam.d files?
RAQ3:
[user@ns pam.d]$ cat su
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow use_authtok nullok
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_xauth.so
[user@ns pam.d]$ cat su.master
#%PAM-1.0
auth required /lib/security/pam_wheel.so group=wheel
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_pwdb.so shadow md5 nullok use_authtok
session required /lib/security/pam_pwdb.so
[user@ns pam.d]$ ls -l su su.master
-rw-r--r-- 1 root root 331 Apr 13 1999 su
-rw-r--r-- 1 root root 431 Feb 23 2001 su.master
RAQ4:
[user pam.d]$ ls -l su su.master ; cat su su.master
-rw-r--r-- 1 root root 277 May 18 2000 su
-rw-r--r-- 1 root root 277 Nov 21 06:51 su.master
#%PAM-1.0
auth required /lib/security/pam_wheel.so
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
#%PAM-1.0
auth required /lib/security/pam_wheel.so
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
thanks
Greg
>This is not by default, I guess...
>
>Regards,
>Tomás
>
>> I thought that to be able to SU to root, that a particular user had to be a
>> member of the group wheel?
>>
>> I've always forgotten about this, and many times I've kicked myself on the
>> raq3s and been told this by an error prompt.
>>
>> However, I've not tried this since installing SSH on particular box, and now
>> it allows me to SU from just about anyone... any ideas why?
>>
>> tia
>>
>> Greg
>
>+-- --+
> Tomás García Ferrari
> Bigital
> http://bigital.com/
>+-- --+
--
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158
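
Added example, not part of the original message: a small Python check that reads the auth stack of an su PAM file and reports whether the wheel restriction is enforced. The function names and the BYPASSED sample are assumptions made for illustration; the other samples are the auth lines posted above.

```python
import os

ENFORCING = {"required", "requisite"}

def auth_stack(pam_text):
    """Yield (control, module, args) for each auth line, in file order.
    Handles only the simple keyword controls seen in the files above."""
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            yield fields[1], os.path.basename(fields[2]), fields[3:]

def wheel_status(pam_text):
    """Return (enforced, reason) for the auth stack of an su PAM file."""
    for control, module, args in auth_stack(pam_text):
        if module == "pam_wheel.so":
            if control in ENFORCING:
                return True, f"pam_wheel is {control} {' '.join(args)}".strip()
            return False, f"pam_wheel is only '{control}'"
        # A passing 'sufficient' module ends the stack early, so anything
        # other than pam_rootok (uid 0 only) ahead of pam_wheel bypasses it.
        if control == "sufficient" and module != "pam_rootok.so":
            return False, f"sufficient {module} precedes pam_wheel"
    return False, "no pam_wheel line in auth stack"

# Auth lines copied from the message above.
RAQ3_SU = """#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
"""
RAQ3_SU_MASTER = """#%PAM-1.0
auth required /lib/security/pam_wheel.so group=wheel
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_pwdb.so shadow nullok
"""
QUOTED_ADVICE = """auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
"""
# Constructed case: a permissive sufficient module placed before pam_wheel.
BYPASSED = """auth sufficient /lib/security/pam_permit.so
auth required /lib/security/pam_wheel.so
"""

if __name__ == "__main__":
    for name in ("RAQ3_SU", "RAQ3_SU_MASTER", "QUOTED_ADVICE", "BYPASSED"):
        print(name, wheel_status(globals()[name]))
```

Run against the live file with wheel_status(open("/etc/pam.d/su").read()) after any package install or upgrade that may have replaced it.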