Adel Ahmed Veteran
Joined: 21 Sep 2012 Posts: 1523
|
Posted: Fri Jun 03, 2016 9:46 am Post subject: su without password [solved] |
|
|
I'm installing Gentoo on a new machine, and I'm using systemd:
[ebuild R ] sys-libs/pam-1.2.1::gentoo USE="-audit -berkdb -cracklib -debug -nis -nls -pie (-selinux) {-test} -vim-syntax" ABI_X86="(64) -32 (-x32)" 1,729 KiB
[ebuild R ] sys-apps/systemd-226-r2:0/2::gentoo USE="kdbus kmod pam policykit -acl (-apparmor) -audit -cryptsetup -curl -elfutils -gcrypt -gnuefi -http -idn -importd -lz4 -lzma -nat -qrcode -seccomp (-selinux) -ssl -sysv-utils {-test} -vanilla -xkb" ABI_X86="32 (64) (-x32)" 3,823 KiB
and I added the following line to pam.d/su (the bold line):
auth sufficient pam_rootok.so
#auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
auth sufficient pam_wheel.so use_uid trust
This is the same as my other laptop (except pam.d has only that 1 line, which I had tried with no luck), as I keep getting prompted for the root password.
Thanks
Last edited by Adel Ahmed on Sun Jun 05, 2016 6:59 pm; edited 1 time in total |
|
|
|
Syl20 l33t
Joined: 04 Aug 2005 Posts: 619 Location: France
|
Posted: Fri Jun 03, 2016 1:59 pm Post subject: |
|
|
AFAIK, pam_rootok authorizes su without password from root to another user, not the opposite.
You can do the opposite in two ways:
1/ add this in /etc/pam.d/su (below the pam_rootok line):
Code: | auth sufficient pam_succeed_if.so use_uid user = your_user |
2/ use sudo. |
|
|
|
Adel Ahmed Veteran
Joined: 21 Sep 2012 Posts: 1523
|
Posted: Fri Jun 03, 2016 3:00 pm Post subject: |
|
|
I don't want to use sudo.
Unfortunately, adding that line did not work. I see nothing in journalctl except for:
Jun 03 18:59:48 g50-80 su[17604]: Successful su for root by adel
Jun 03 18:59:48 g50-80 su[17604]: + /dev/pts/7 adel:root |
|
|
|
Syl20 l33t
Joined: 04 Aug 2005 Posts: 619 Location: France
|
Posted: Fri Jun 03, 2016 5:48 pm Post subject: |
|
|
That's strange. Did you add the line just below the pam_rootok line, i.e. above the include line?
If so, pam_succeed_if has a debug option:
Code: | auth sufficient pam_succeed_if.so debug use_uid user = adel |
You can try to use the pam_wheel module instead. Add your user to the wheel group, and this to /etc/pam.d/su (again, just below the pam_rootok line):
Code: | auth sufficient pam_wheel.so trust use_uid |
|
|
|
|
Adel Ahmed Veteran
Joined: 21 Sep 2012 Posts: 1523
|
Posted: Fri Jun 03, 2016 7:01 pm Post subject: |
|
|
Strange indeed.
auth sufficient pam_rootok.so
auth sufficient pam_wheel.so trust use_uid
#auth sufficient pam_succeed_if.so debug use_uid user = adel
#auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
auth sufficient pam_wheel.so use_uid trust
I've tried both and I get nothing. Thing is, the wheel bit is working on another machine. What are the chances things are not working because of a missing USE flag or anything machine-specific (apart from configuration)? |
|
|
|
Adel Ahmed Veteran
Joined: 21 Sep 2012 Posts: 1523
|
Posted: Sun Jun 05, 2016 6:59 pm Post subject: |
|
|
Figured the problem out, the shadow package was installed without the pam flag. |
|
|
|
|
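An added example, not part of the thread: a small audit of a `su` PAM file that lists which passwordless `sufficient` rules sit ahead of the password stack and which come too late to matter, plus a heuristic check for the resolution above (an `su` binary built without PAM ignores `/etc/pam.d/su` entirely). The function names are hypothetical, and the code assumes that the included `system-auth` stack is what prompts for the password.

```python
import re

# Modules this thread uses to let su succeed without a password prompt.
PASSWORDLESS = {"pam_rootok.so", "pam_wheel.so", "pam_succeed_if.so"}
LINE = re.compile(r"^-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def auth_stack(text):
    """Return (control, module, args) for each active auth line, in file order."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            stack.append((m.group(1), m.group(2), m.group(3).split()))
    return stack

def audit(text):
    """Label each passwordless 'sufficient' rule as effective or shadowed."""
    findings, prompted = [], False
    for control, module, args in auth_stack(text):
        if control in ("include", "substack") or module == "pam_unix.so":
            prompted = True  # assumption: the included stack asks for a password
        elif control == "sufficient" and module in PASSWORDLESS:
            if module == "pam_wheel.so" and "trust" not in args:
                continue  # without trust, pam_wheel never grants access itself
            findings.append((module, "shadowed" if prompted else "effective"))
    return findings

def links_libpam(path):
    """Heuristic: does the binary contain the library name libpam.so?"""
    with open(path, "rb") as fh:
        return b"libpam.so" in fh.read()

# Constructed sample: the auth-relevant lines of the pam.d/su posted in the thread.
SAMPLE = """\
auth sufficient pam_rootok.so
auth sufficient pam_wheel.so trust use_uid
#auth sufficient pam_succeed_if.so debug use_uid user = adel
#auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
session required pam_env.so
auth sufficient pam_wheel.so use_uid trust
"""

if __name__ == "__main__":
    for module, state in audit(SAMPLE):
        print(f"{module}: {state}")
```

Running `links_libpam` against the installed `su` binary is the quick way to tell a stack-ordering problem from a binary that never consults PAM; every rule reported as effective is a path to root without a password and belongs in any review of the host.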