lutel Tux's lil' helper
Joined: 19 Oct 2003 Posts: 110 Location: Pomroczna
|
Posted: Wed Jan 26, 2022 7:48 am Post subject: After latest update of shadow, can't su - anymore |
|
|
Hello
After recent update to [ebuild R ] sys-apps/shadow-4.11.1:0/4::gentoo USE="acl nls pam (split-usr) xattr -audit -bcrypt -cracklib (-selinux) -skey -su" 0 KiB
I can't su anymore to root. The /etc/pam.d/other exists
Code: | auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
|
/var/log/security
Code: |
2022-01-26 08:43:53 mail su pam_unix(su-l:session): session closed for user xxxx
2022-01-26 08:43:55 mail su (to xxxx) root on pts/2
2022-01-26 08:43:55 mail su pam_unix(su-l:session): session opened for user xxxx(uid=2215) by root(uid=0)
2022-01-26 08:43:55 mail su PAM _pam_init_handlers: no default config other
2022-01-26 08:43:55 mail su PAM error reading PAM configuration file
2022-01-26 08:43:55 mail su PAM pam_start: failed to initialize handlers
2022-01-26 08:43:55 mail su FAILED SU (to root) xxxx on pts/2
2022-01-26 08:43:55 mail su PAM pam_end: NULL pam handle passed
2022-01-26 08:44:02 mail su pam_unix(su-l:session): session closed for user xxxx |
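Added example, not part of the original thread: an awk filter run from sh over log lines in the format posted above. It separates `FAILED SU` events that directly follow a PAM initialisation error (broken PAM setup) from those with no such error (ordinary authentication failure). The function names, the two-second window and the second sample event are assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify "FAILED SU" lines by whether PAM itself failed to start.
# Assumed line format: "<date> <time> <host> su <message...>", as in the post above.

classify_failed_su() {
    awk '
    # seconds since midnight for an HH:MM:SS string
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }

    $4 != "su" { next }

    # PAM library errors logged by su before any authentication is attempted
    /PAM (_pam_init_handlers|error reading PAM configuration|pam_start: failed)/ {
        pam_date[$3] = $1; pam_time[$3] = secs($2); next
    }

    # "FAILED SU (to <target>) <user> on <tty>"
    $5 == "FAILED" && $6 == "SU" {
        target = $8; sub(/\)$/, "", target)
        cause = "auth"
        # heuristic: same host, same day, PAM error at most 2 seconds earlier
        if (($3 in pam_date) && pam_date[$3] == $1 &&
            secs($2) >= pam_time[$3] && secs($2) - pam_time[$3] <= 2)
            cause = "pam-config"
        print $1, $2, $9 "->" target, cause
    }'
}

# Constructed sample: first event mirrors the post, second is an invented
# wrong-password attempt for contrast.
sample_log() {
cat <<'EOF'
2022-01-26 08:43:55 mail su PAM _pam_init_handlers: no default config other
2022-01-26 08:43:55 mail su PAM error reading PAM configuration file
2022-01-26 08:43:55 mail su PAM pam_start: failed to initialize handlers
2022-01-26 08:43:55 mail su FAILED SU (to root) xxxx on pts/2
2022-01-26 09:10:12 mail su pam_unix(su:auth): authentication failure; logname=yyyy uid=2216 euid=0 tty=pts/4 ruser=yyyy rhost=  user=root
2022-01-26 09:10:14 mail su FAILED SU (to root) yyyy on pts/4
EOF
}

sample_log | classify_failed_su
```

A burst of `pam-config` results right after a package update points at the su/PAM installation rather than at users mistyping passwords.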
|
tuxilla n00b
Joined: 12 Jun 2004 Posts: 12
|
Posted: Wed Jan 26, 2022 9:58 am Post subject: |
|
|
You have to rebuild sys-apps/shadow-4.11.1 with USE=su and sys-apps/util-linux-2.37.3 with USE=-su. |
|
Phoenix591 Guru
Joined: 17 Sep 2007 Posts: 495
|
Posted: Wed Jan 26, 2022 10:27 am Post subject: |
|
|
tuxilla wrote: | You have to rebuild sys-apps/shadow-4.11.1 with USE=su and sys-apps/util-linux-2.37.3 with USE=-su. |
Other way around. Build util-linux with su and shadow with -su.
Quote: | sys-apps/util-linux: enable su by default
shadow 4.10+ is deprecating 'su', so we're switching
to util-linux's implementation by default. |
|
tuxilla n00b
Joined: 12 Jun 2004 Posts: 12
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3977
|
Posted: Wed Jan 26, 2022 3:57 pm Post subject: |
|
|
tuxilla wrote: | You have to rebuild sys-apps/shadow-4.11.1 with USE=su and sys-apps/util-linux-2.37.3 with USE=-su. |
That's the way things are set here...
Before switching su USE, bumping here to make sure I'm not mistaking something.
Thks 4 ur attention, interest & support. _________________ USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3977
|
Posted: Wed Jan 26, 2022 4:20 pm Post subject: |
|
|
After reading the above bug report (dated 26 Jan 2022), I decided to postpone rebuild since it seems my switch would also require util-linux to USE=suid for equivalent feature(?).
Feeling a little uncomfortable here...
Thks 4 ur attention, interest & support.
|
tuxilla n00b
Joined: 12 Jun 2004 Posts: 12
|
Posted: Wed Jan 26, 2022 4:38 pm Post subject: |
|
|
My USE flag for sys-apps/util-linux has been "-suid" and momentarily "-su -suid". So I'm still feeling comfortable. |
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3977
|
Posted: Wed Jan 26, 2022 5:02 pm Post subject: |
|
|
shadow[su] allows user to go root here.
util-linux[su,suid] seems required to allow the same.
It will bring additional features to non root such as mount which shadow[su] doesn't allow here.
Can't tell about wall/write, since I never used it, iirc.
Thks 4 ur attention, interest & support.
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1960
|
Posted: Wed Jan 26, 2022 5:06 pm Post subject: |
|
|
suid USE on sys-apps/util-linux is nothing to be feared.
By default, it only adds to mount. With su USE, su also is set with it. If tty-helpers USE, wall and write also get suid.
These apps generally need it so please don't remove it. |
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3977
|
Posted: Wed Jan 26, 2022 5:24 pm Post subject: |
|
|
grknight,
Nice clarification.
util-linux[su -suid] would prevent a non-root GUI env from performing maintenance, i.e. installing via emerge, iiuc.
Thks 4 ur attention, interest & support.
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3977
|
Posted: Wed Jan 26, 2022 6:38 pm Post subject: |
|
|
As far as size is concerned:
Code: | luc@amd64 ~ $ ll /bin/su
-rws--x--x 1 root root 41512 janv. 26 07:36 /bin/su [shadow no-lto]
luc@amd64 ~ $ ll /bin/su
-rws--x--x 1 root root 52144 janv. 26 21:32 /bin/su [util-linux lto] |
Thks 4 ur attention, interest & support.
|
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3977
|
Posted: Wed Jan 26, 2022 7:31 pm Post subject: |
|
|
util-linux 'su -' echoes previous login timestamp:
Code: | Dernière connexion : mercredi 26 janvier 2022 à 22:23:34 EAT sur pts/3 |
Thks 4 ur attention, interest & support.
|