Gentoo Forums
su without password[solved]
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1158

Posted: Fri Jun 03, 2016 9:46 am    Post subject: su without password[solved]

I'm installing Gentoo on a new machine; I'm using systemd:
[ebuild R ] sys-libs/pam-1.2.1::gentoo USE="-audit -berkdb -cracklib -debug -nis -nls -pie (-selinux) {-test} -vim-syntax" ABI_X86="(64) -32 (-x32)" 1,729 KiB
[ebuild R ] sys-apps/systemd-226-r2:0/2::gentoo USE="kdbus kmod pam policykit -acl (-apparmor) -audit -cryptsetup -curl -elfutils -gcrypt -gnuefi -http -idn -importd -lz4 -lzma -nat -qrcode -seccomp (-selinux) -ssl -sysv-utils {-test} -vanilla -xkb" ABI_X86="32 (64) (-x32)" 3,823 KiB


and I added the following line to pam.d/su (the bold line):
auth sufficient pam_rootok.so
#auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
auth sufficient pam_wheel.so use_uid trust



This is the same as my other laptop (except pam.d has only that 1 line, which I had tried with no luck), as I keep getting prompted for the root password.

Thanks


Last edited by Adel Ahmed on Sun Jun 05, 2016 6:59 pm; edited 1 time in total
Syl20
Guru
Joined: 04 Aug 2005
Posts: 564
Location: France

Posted: Fri Jun 03, 2016 1:59 pm

AFAIK, pam_rootok authorizes su without password from root to another user, not the opposite.

You can do the opposite in two ways:

1/ add this in /etc/pam.d/su (below the pam_rootok line):
Code:
auth       sufficient   pam_succeed_if.so use_uid user = your_user


2/ use sudo.
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1158

Posted: Fri Jun 03, 2016 3:00 pm

I don't want to use sudo.

Unfortunately, adding that line did not work. I see nothing in journalctl except for:
Jun 03 18:59:48 g50-80 su[17604]: Successful su for root by adel
Jun 03 18:59:48 g50-80 su[17604]: + /dev/pts/7 adel:root
Syl20
Guru
Joined: 04 Aug 2005
Posts: 564
Location: France

Posted: Fri Jun 03, 2016 5:48 pm

That's strange. Did you add the line just below the pam_rootok line, i.e. above the include line?

If so, pam_succeed_if has a debug option:
Code:
auth       sufficient   pam_succeed_if.so debug use_uid user = adel


You can try to use the pam_wheel module instead. Add your user to the wheel group, and this to /etc/pam.d/su (again, just below the pam_rootok line):
Code:
auth sufficient pam_wheel.so trust use_uid
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1158

Posted: Fri Jun 03, 2016 7:01 pm

Strange indeed:
auth sufficient pam_rootok.so
auth sufficient pam_wheel.so trust use_uid
#auth sufficient pam_succeed_if.so debug use_uid user = adel
#auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
auth sufficient pam_wheel.so use_uid trust


I've tried both and I get nothing. Thing is, the wheel bit is working on another machine. What are the chances things are not working because of a missing USE flag or anything machine-specific (apart from configuration)?
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1158

Posted: Sun Jun 05, 2016 6:59 pm

Figured the problem out: the shadow package was installed without the pam flag.
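
Added example (not part of the original thread, and not code from any poster): a small Python check that walks the `auth` lines of an `/etc/pam.d/su`-style file in order and reports which `sufficient` lines can let a caller become root without a password and which come too late to skip the prompt, the ordering point raised in the replies above. The function name, the verdict strings and the assumption that any `include`/`substack` is where the password prompt happens are this example's own; the sample input is constructed from the stack posted in the thread.

```python
# Constructed sample: the /etc/pam.d/su contents from the thread's last posted version.
SAMPLE_SU = """\
auth sufficient pam_rootok.so
auth sufficient pam_wheel.so trust use_uid
#auth sufficient pam_succeed_if.so debug use_uid user = adel
#auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
auth sufficient pam_wheel.so use_uid trust
"""

def audit_su_auth(text):
    """Return (lineno, module, verdict) for each 'auth ... sufficient' line.

    Assumption of this example: any include/substack, or pam_unix.so itself,
    is where the password prompt happens. A 'sufficient' line after that point
    cannot skip the prompt, so it is reported as 'after-password-prompt'.
    """
    findings, prompted = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # '#' starts a comment
        if len(fields) < 3 or fields[0].lstrip("-") != "auth":
            continue
        control, module, args = fields[1], fields[2], fields[3:]
        if control in ("include", "substack") or module == "pam_unix.so":
            prompted = True
        elif control == "sufficient":
            if prompted:
                verdict = "after-password-prompt"
            elif module == "pam_rootok.so":
                verdict = "root-only"            # succeeds only if the caller is already root
            elif module == "pam_wheel.so" and "trust" in args:
                verdict = "passwordless-for-wheel"
            elif module == "pam_succeed_if.so":
                cond = [a for a in args if a not in ("use_uid", "debug", "quiet")]
                verdict = "passwordless-if: " + " ".join(cond)
            else:
                verdict = "review"
            findings.append((lineno, module, verdict))
    return findings

if __name__ == "__main__":
    for lineno, module, verdict in audit_su_auth(SAMPLE_SU):
        print(f"line {lineno}: {module}: {verdict}")
```

The report only describes the file; as the thread's resolution shows, it has no effect if su itself was built without PAM support.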