[Bug 623432] New: su from root fails for locked accounts
http://bugzilla.novell.com/show_bug.cgi?id=623432 http://bugzilla.novell.com/show_bug.cgi?id=623432#c0 Summary: su from root fails for locked accounts Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: All OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: nathanr@lesmills.net.au QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100506 SUSE/3.5.10-0.1.1 Firefox/3.5.10 I've managed to reproduce bug #556077 on openSUSE 11.3. It's claimed in that bug that it was fixed in 11.2, but I can reproduce it under 11.3. Reproducible: Always Steps to Reproduce: linux-07mr:~ # useradd -m -d /opt/test -g postgres test linux-07mr:~ # su - test su: incorrect password linux-07mr:~ # passwd test Changing password for test. New Password: Bad password: too short Reenter New Password: Password changed. linux-07mr:~ # su - test test@linux-07mr:~> another use case: linux-07mr:~ # useradd -m -d /opt/test -g postgres test linux-07mr:~ # grep test /etc/shadow test:!:14809:0:99999:7::: linux-07mr:~ # vim /etc/shadow linux-07mr:~ # grep test /etc/shadow test:*:14809:0:99999:7::: linux-07mr:~ # su - test test@linux-07mr:~> Actual Results: Can not su from root to another non-root user which has a disabled account where there is a "!" for the password. Works fine where "*" is the password, as per bug #556077 Expected Results: Should be able to su as root to a disabled account. As noted in bug #550677, this stops the PostgreSQL initdb scripts from working. For us, it's EnterpriseDB PostgresPlus Standard installer, which works fine on SLES 11 SP1, but not on openSUSE 11.2 or 11.3. They do a "useradd" then an "su" to the created user, which fails. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=623432
http://bugzilla.novell.com/show_bug.cgi?id=623432#c
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=623432
http://bugzilla.novell.com/show_bug.cgi?id=623432#c1
ferdinand gassauer
http://bugzilla.novell.com/show_bug.cgi?id=623432
http://bugzilla.novell.com/show_bug.cgi?id=623432#c2
Michael Calmer
http://bugzilla.novell.com/show_bug.cgi?id=623432
http://bugzilla.novell.com/show_bug.cgi?id=623432#c3
Thorsten Kukuk
http://bugzilla.novell.com/show_bug.cgi?id=623432
http://bugzilla.novell.com/show_bug.cgi?id=623432#c4
--- Comment #4 from ferdinand gassauer
http://bugzilla.novell.com/show_bug.cgi?id=623432
http://bugzilla.novell.com/show_bug.cgi?id=623432#c5
--- Comment #5 from Thorsten Kukuk
thanks for pointing out
FYI the behaviour must have changed between 11.2 and 11.3, because my installation worked before and didn't work any more after update.
Exact the same issue with EnterpriseDB PostgresPlus Standard installer was already reported before 11.2 was released. So this has not changed between 11.2 and 11.3, but the root is a bug fix in handling of shadow passwords before 11.2. For plain /etc/passwd systems, the current behavior was already the default for ever, only /etc/shadow handling did contain a bug. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com