Until a recent update, if I ran `su` as root I was able to impersonate any other user without being asked for a password:
```
[root@myhost]# su otheruser
[otheruser@myhost]$
```
Now, however, I'm asked to enter a password. No matter the password I enter (I can even simply press ENTER) I'm able to "su" to any user:
```
[root@myhost]# su otheruser
Password:
[otheruser@myhost]$
```
This seems really strange, as I expect root to be able to "su" to any other user without any password (and this is actually what's happening, but I still get the useless password prompt).
Can anyone tell me what might be causing this?
Last edited by lazork (2016-09-16 06:46:19)
Offline
Have you made changes in your /etc/sudoers?
"Yesterday is history, tomorrow is a mystery, but today is a gift. That is why it is called the present." - Master Oogway
Offline
Works fine here. What kernel are you using?
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
I made no changes to /etc/sudoers.
/etc/sudoers:
```
root ALL=(ALL) ALL
```
/etc/sudoers.d/admin:
```
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
```
Kernel version is 4.7.2-1.
Last edited by lazork (2016-09-15 15:43:41)
Offline
Don't bother with the sudoers file. That has nothing to do with `su`. You need not even have sudo installed (and thus no sudoers file) to use `su`.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
Please post the output of the following commands:
```
$ which su
$ pacman -Qkk util-linux
```
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
> Please post the output of the following commands:
> ```
> $ which su
> $ pacman -Qkk util-linux
> ```

I'd be curious about the which line as well. I once identified a break-in through this behavior, because something tried to hijack the su binary.
Offline
By looking at the output of `pacman -Qkk util-linux` (I didn't know about the kk option... I know, it's in the man page), I found that, a long time ago, I modified two configuration files:
```
backup file: util-linux: /etc/pam.d/su (Modification time mismatch)
backup file: util-linux: /etc/pam.d/su (Size mismatch)
backup file: util-linux: /etc/pam.d/su-l (Modification time mismatch)
backup file: util-linux: /etc/pam.d/su-l (Size mismatch)
util-linux: 466 total files, 0 altered files
```
I did this on purpose to allow LDAP authentication (which I still need), and I followed the wiki page.
My /etc/pam.d/su and /etc/pam.d/su-l therefore contained (as the wiki suggests):
```
#%PAM-1.0
auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
```
I switched the first two lines (placing pam_rootok.so before pam_ldap.so) and everything seems ok now.
The change I made seems to make sense to me. Can you confirm it is better to place pam_rootok before pam_ldap?
Should I change the wiki?
P.S. Thank you all for the help. And for those curious, `which su` returns /usr/bin/su
Offline
> I switched the first two lines (placing pam_rootok.so before pam_ldap.so) and everything seems ok now.
> The change I made seems to make sense to me. Can you confirm it is better to place pam_rootok before pam_ldap?
> Should I change the wiki?

Swapping those two means that pam_rootok.so is checked first, and is sufficient, so the LDAP module is never used. It makes perfect sense.
Offline
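The ordering effect discussed in this thread can be reproduced with a simplified model of how the `auth` stack handles `sufficient` and `required`. This is an added example, not code from any poster or from PAM itself; the function names and the assumption that pam_ldap.so and pam_unix.so succeed only on a correct password are illustrative.

```python
# Constructed copies of the auth lines from the two orderings in the thread.
WIKI_ORDER = """\
#%PAM-1.0
auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_first_pass
"""
SWAPPED_ORDER = """\
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
"""

def parse_auth(text):
    """Return [(control, module, args)] for the uncommented 'auth' lines."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def run_auth(stack, caller_uid, password_ok):
    """Simplified stack walk (assumed model, not libpam).

    pam_rootok.so succeeds when the caller is uid 0 and never prompts.
    Password modules prompt unless given use_first_pass, and succeed
    only if password_ok. Returns (authenticated, prompted).
    """
    prompted = False
    required_results = []
    for control, module, args in stack:
        if module == "pam_rootok.so":
            ok = caller_uid == 0
        else:
            if "use_first_pass" not in args:
                prompted = True
            ok = password_ok
        if control == "sufficient":
            # Success ends the stack early; failure is ignored.
            if ok and all(required_results):
                return True, prompted
        elif control == "required":
            required_results.append(ok)
    return bool(required_results) and all(required_results), prompted
```

With the wiki ordering, root is prompted and then admitted regardless of the password entered, because the failed `sufficient` pam_ldap.so result is ignored and pam_rootok.so then succeeds; with the swapped ordering, root is admitted before any prompt.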