You are not logged in.

Pages: 1

#1 2016-09-15 15:22:45

lazork
Member
Registered: 2008-11-12
Posts: 30

[Solved] su run as root asks for passwod

Until a recent update, If I ran `su` as root I was able to impersonate any other user without being asked for a password:

[root@myhost]# su otheruser
[otheruser@myhost]$

Now, however, I'm asked to enter a password. No matter the password I enter (I can even simply press ENTER) I'm able to "su" to any user

[root@myhost]# su otheruser
Password:
[otheruser@myhost]$

This seems really strange, as I expect root to be able to "su" to any other user without any password (and this is actually what's happening, but I still get the useless password prompt).

Can anyone tell me what might be causing this?

Last edited by lazork (2016-09-16 06:46:19)

Offline

#2 2016-09-15 15:34:22

Starfish
Member
From: Germany
Registered: 2015-10-21
Posts: 134

Re: [Solved] su run as root asks for passwod

Have you made changes in your /etc/sudoers ?

"Yesterday is history, tomorrow is a mystery, but today is a gift. That is why it is called the present." - Master Oogway

Offline

#3 2016-09-15 15:40:03

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,769

Re: [Solved] su run as root asks for passwod

Works fine here. What kernel are you using?

Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#4 2016-09-15 15:42:39

lazork
Member
Registered: 2008-11-12
Posts: 30

Re: [Solved] su run as root asks for passwod

I made no changes to /etc/sudoers

/etc/sudoers:

root ALL=(ALL) ALL

/etc/sudoers.d/admin:

%admin ALL=(ALL) ALL
%sudo	ALL=(ALL:ALL) ALL

Kernel version is 4.7.2-1.

Last edited by lazork (2016-09-15 15:43:41)

Offline

#5 2016-09-15 15:48:40

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,517
Website

Re: [Solved] su run as root asks for passwod

Don't bother with the sudoers file.  That has nothing to do with `su`.  You need not even have sudo installed (and thus no sudoers file) to use `su`.

"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#6 2016-09-15 15:59:10

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,840
Website

Re: [Solved] su run as root asks for passwod

Please post the output of the following commands:

$ which su
$ pacman -Qkk util-linux

Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#7 2016-09-15 16:04:41

Awebb
Member
Registered: 2010-05-06
Posts: 6,282

Re: [Solved] su run as root asks for passwod

WorMzy wrote:

Please post the output of the following commands:

$ which su
$ pacman -Qkk util-linux

I'd be curious about the which line as well. I once identified a break-in through this behavior, because something tried to hijack the su binary.

Offline

#8 2016-09-15 21:28:59

lazork
Member
Registered: 2008-11-12
Posts: 30

Re: [Solved] su run as root asks for passwod

By looking at the output of `pacman -Qkk util-linux` (I didn't know about the kk option... I know, it's in the man page wink), I found that, a long time ago, I modified two configuration files:

backup file: util-linux: /etc/pam.d/su (Modification time mismatch)
backup file: util-linux: /etc/pam.d/su (Size mismatch)
backup file: util-linux: /etc/pam.d/su-l (Modification time mismatch)
backup file: util-linux: /etc/pam.d/su-l (Size mismatch)
util-linux: 466 total files, 0 altered files

I did this on purpose to allow LDAP authentication (which I still need), and I followed the wiki page.

My /etc/pam.d/su and /etc/pam.d/su-l therefore contained (as the wiki suggests):

#%PAM-1.0
auth		sufficient	pam_ldap.so
auth		sufficient	pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth		sufficient	pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth		required	pam_wheel.so use_uid
auth		required	pam_unix.so use_first_pass
account		sufficient	pam_ldap.so
account		required	pam_unix.so
session		sufficient	pam_ldap.so
session		required	pam_unix.so

I switched the first two lines (placing pam_rootok.so before pam_ldap.so) and everything seems ok now.
The change I made, seems to make sense to me. Can you confirm it is better to place pam_rootok before pam_ldap?
Should I change the wiki?

P.S. Thank you all for the help. And for those curious, `which su` returns /usr/bin/su

Offline

#9 2016-09-16 05:52:34

HiImTye
Member
From: Halifax, NS, Canada
Registered: 2012-05-09
Posts: 1,072

Re: [Solved] su run as root asks for passwod

lazork wrote:

I switched the first two lines (placing pam_rootok.so before pam_ldap.so) and everything seems ok now.
The change I made, seems to make sense to me. Can you confirm it is better to place pam_rootok before pam_ldap?
Should I change the wiki?

swapping those two means that pam_rootok.so is checked first, and is sufficient, so the ldap module is never used. it makes perfect sense.

Offline

Pages: 1

Board footer

Powered by FluxBB