#5795 NORM Never A: joyride-1489 sets the root password

Zarro Boogs per Child bugtracker at laptop.org
Sun Jan 6 19:24:01 EST 2008


#5795: joyride-1489 sets the root password
---------------------+------------------------------------------------------
  Reporter:  dlang   |       Owner:  jg                               
      Type:  defect  |      Status:  reopened                         
  Priority:  normal  |   Milestone:  Never Assigned                   
 Component:  distro  |     Version:  Development build as of this date
Resolution:          |    Keywords:                                   
  Verified:  0       |    Blocking:                                   
 Blockedby:          |  
---------------------+------------------------------------------------------
Changes (by AlbertCahalan):

  * status:  closed => reopened
  * resolution:  wontfix =>


Comment:

 As noted many times by many people, this is causing problems.
 As pointed out in bug #5537, there is a simple fix for "su".

 Place the text below into /etc/pam.d/su and place user
 olpc into the wheel group. (the "pam_succeed_if" line is key)
 Enable the root account without a password.

 Bugs #5879, #5795, #5792, and #5707 just go away. Yay!

 (note: "pam_wheel" would not protect user "olpc"; thus the need to use
 "pam_succeed_if")

 {{{
 #%PAM-1.0
 auth            sufficient      pam_rootok.so
 auth            required        pam_succeed_if.so use_uid user ingroup
 wheel
 #auth           required        pam_listfile.so onerr=fail item=user
 sense=allow file=/etc/security/su.allow
 #auth           required        pam_listfile.so onerr=fail item=user
 sense=deny file=/etc/security/su.deny
 # Uncomment the following line to implicitly trust users in the "wheel"
 group.
 #auth           sufficient      pam_wheel.so trust use_uid
 # Uncomment the following line to require a user to be in the "wheel"
 group.
 #auth            required        pam_wheel.so use_uid
 auth            include         system-auth
 account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
 account         include         system-auth
 password        include         system-auth
 session         include         system-auth
 session         optional        pam_xauth.so
 }}}

-- 
Ticket URL: <http://dev.laptop.org/ticket/5795#comment:4>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system



More information about the Bugs mailing list