Little Things

Little things usually are what many people detest about updating computers. Such an event occurred while testing Slackware 15.0. One of the testing user accounts was able to elevate privileges to the root user, which for about two decades never has been configured that way.

A traditional glassy-eyed head-scratching moment.

Searching found this tidbit in the 15.0 change log:


    Tue May 19 19:47:49 UTC 2020
    a/shadow-4.8.1-x86_64-8.txz:  Rebuilt.
      It seems that /etc/suauth is not supported when PAM is in use, even if
      configure.ac is hacked to enable it. I've removed the man pages for it,
      and would suggest using sudo as a replacement.
    

That led to /etc/pam.d/su, which needs the following line enabled to provide equivalent behavior:

auth required pam_wheel.so use_uid

The behavior is different. Under /etc/suauth with root:ALL EXCEPT GROUP wheel:DENY, attempting to elevate privileges fails immediately with the su command:


    Access to su to that account DENIED
    You are not authorized to su to root
    

With /etc/pam.d/su the user is not denied access until after providing a password. After providing a password there is a different message:

su: Permission denied

Little things.

Posted: Category: Usability Tagged: General

Next: Exploring Desktop Environments — 1

Previous: Xfce Desktop Background Color