FS#13761 - coreutils-6.12-1: Allows su access to root without being in wheel group
Attached to Project:
Arch Linux
Opened by Todd Partridge (Gen2ly) - Thursday, 12 March 2009, 02:23 GMT
Last edited by Aaron Griffin (phrakture) - Thursday, 12 March 2009, 17:04 GMT
Opened by Todd Partridge (Gen2ly) - Thursday, 12 March 2009, 02:23 GMT
Last edited by Aaron Griffin (phrakture) - Thursday, 12 March 2009, 17:04 GMT
|
Details
Description:
Just installed Arch Linux and orginally added myself to wheel group. Removed myself from wheel group yesterday, started the computer today and su'd to root before remembering that I shouldn't be able to. The user is not it /etc/group nor shows with "id <user>": grep wheel /etc/group wheel::10:root id todd uid=1001(todd) gid=100(users) groups=100(users),50(games),92(audio),93(optical),95(storage) Additional info: * package version(s): coreutils-6.12-1 * config and/or log files etc: tail /var/log/auth.log ... Mar 11 20:01:26 part-emach su: pam_unix(su:session): session opened for user root by (uid=1001) Perhaps I'm a little out of date. In Gentoo, wheel group permission was explicate before being able to gain root priviledges. |
This task depends upon
Closed by Aaron Griffin (phrakture)
Thursday, 12 March 2009, 17:04 GMT
Reason for closing: Not a bug
Additional comments about closing: PAM configuration issue
Thursday, 12 March 2009, 17:04 GMT
Reason for closing: Not a bug
Additional comments about closing: PAM configuration issue
See
$ cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
so uncomment, the lines that are necesary for you :)
Just learned su has a configuration. :)
Thanks Gerardo.
Requesting closure.