Controlling su w/ listfile module

Controlling su w/ listfile module

Post by Thomas Fowle » Sun, 31 Dec 1899 09:00:00



I am also having this exact same problem (small world -:)

any ideas anyone?




> > I'm attempting to controll who can su to root using the listfile
> module,
> > but am not having any success. It denies all users - which is not my
> > intent.
> I'm having a similar problem but in my case, I cannot su OR login to
> root from any user account. I have double-checked the PAM conf file for
> su against other Linux (RedHat) machines here and I still can't figure
> it out. Here is my current /etc/pam.d/su file:
> #%PAM-1.0
> auth required /lib/security/pam_pwdb.so shadow nullok
> account required /lib/security/pam_pwdb.so
> password required /lib/security/pam_cracklib.so
> password required /lib/security/pam_pwdb.so nullok use_authtok md5
> shadow
> session required /lib/security/pam_pwdb.so
> No other security files under /etc have any entries and /etc/securetty
> includes all possible ttys that I'm trying (even though I don't have the
> securetty pam module activated). The problem happens in both X terminals
> and console terminals.
> Even stranger, I can su from root to any other account, but then I can't
> su back to root. I can log in normally with user accounts, but I cannot
> log into root by doing shell$ login. Y can only log in when I get a
> clean login prompt.
> Any ideas about what I'm still missing?? What other files come into play
> that I have overlooked?
> Thanks,
> Ike

> Sent via Deja.com http://www.deja.com/
> Before you buy.

 
 
 

Controlling su w/ listfile module

Post by ike_ar.. » Sun, 31 Dec 1899 09:00:00




> I'm attempting to controll who can su to root using the listfile
module,
> but am not having any success. It denies all users - which is not my
> intent.

I'm having a similar problem but in my case, I cannot su OR login to
root from any user account. I have double-checked the PAM conf file for
su against other Linux (RedHat) machines here and I still can't figure
it out. Here is my current /etc/pam.d/su file:
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5
shadow
session required /lib/security/pam_pwdb.so
No other security files under /etc have any entries and /etc/securetty
includes all possible ttys that I'm trying (even though I don't have the
securetty pam module activated). The problem happens in both X terminals
and console terminals.
Even stranger, I can su from root to any other account, but then I can't
su back to root. I can log in normally with user accounts, but I cannot
log into root by doing shell$ login. Y can only log in when I get a
clean login prompt.
Any ideas about what I'm still missing?? What other files come into play
that I have overlooked?
Thanks,
Ike

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

1. control (was Re: su in NT?)

  Remember: the GPL gives you most of the rights of ownership.  By that
I mean you can do whatever you want with the software (modify it, fork
off your own development, etc.) as long the result is still GPLed.
  Also, it's quite common for an organization to have their own fixes and
enhancements for a product.  The CVS documentation covers how to manage this.
Basically, every time you adopt a new release, you "merge" your changes into
the stock distribution, just as though you were another developer.  Pretty
nifty.
  Basically, you have a lot more control over linux than you would over NT.

Ooh, but the fun of porting ;-).

Opening up NT?  They'll never do that.  If they opened up NT, the MS
empire would come crashing down.  An open NT would be a cloned (and
probably running under Linux) NT.  I think Microsoft is entrenched
because only they know the full APIs of their operating systems, and
dominate the apps.  Their apps use a lot of undocumented calls, so
they can't run on Windows clones.  Microsoft apps are a major benefit
of running Microsoft OSes.  Hence, any Windows clones would have to
run MS apps, which they can't, for a lack of information.

This makes it hard to forsee MS opening up NT unless their backs
are to the wall.  If that occurred, they would be dead already.

-Chris

2. Pb with "del" key in Konsole

3. su and "bash: no job control in this shell"

4. CFD: termcap vs. terminfo

5. difference between su and su -

6. odd dupe symlinks

7. su to a user then su to root in startup script

8. Perl CGI-LIB.PL

9. differences between su root and su - root

10. NEW: Extended Access control module for Apache

11. Disappearing KDE Control Center Modules

12. su vs. su -

13. su problem -- su: Unknown id: root