#5795 NORM Never A: joyride-1489 sets the root password
Zarro Boogs per Child
bugtracker at laptop.org
Sun Jan 6 19:24:01 EST 2008
#5795: joyride-1489 sets the root password
---------------------+------------------------------------------------------
Reporter: dlang | Owner: jg
Type: defect | Status: reopened
Priority: normal | Milestone: Never Assigned
Component: distro | Version: Development build as of this date
Resolution: | Keywords:
Verified: 0 | Blocking:
Blockedby: |
---------------------+------------------------------------------------------
Changes (by AlbertCahalan):
* status: closed => reopened
* resolution: wontfix =>
Comment:
As noted many times by many people, this is causing problems.
As pointed out in bug #5537, there is a simple fix for "su".
Place the text below into /etc/pam.d/su and place user
olpc into the wheel group. (the "pam_succeed_if" line is key)
Enable the root account without a password.
Bugs #5879, #5795, #5792, and #5707 just go away. Yay!
(note: "pam_wheel" would not protect user "olpc"; thus the need to use
"pam_succeed_if")
{{{
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_succeed_if.so use_uid user ingroup
wheel
#auth required pam_listfile.so onerr=fail item=user
sense=allow file=/etc/security/su.allow
#auth required pam_listfile.so onerr=fail item=user
sense=deny file=/etc/security/su.deny
# Uncomment the following line to implicitly trust users in the "wheel"
group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel"
group.
#auth required pam_wheel.so use_uid
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
}}}
--
Ticket URL: <http://dev.laptop.org/ticket/5795#comment:4>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
More information about the Bugs
mailing list