[Bug 533249] New: coreutils: su command somehow broken
http://bugzilla.novell.com/show_bug.cgi?id=533249 Summary: coreutils: su command somehow broken Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: choeger@open-xchange.com QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.13) Gecko/2009080200 SUSE/3.0.13-0.1.2 Firefox/3.0.13 The su command on 11.2 M5 seems to be quite broken. # su open-xchange ls su: incorrect password How to reproduce: On openSUSE 11.1 it works like expected: mobile:~ # useradd testuser mobile:~ # su testuser ls bash: ls: Permission denied mobile:~ # userdel testuser no crontab for testuser mobile:~ # su testuser ls su: user testuser does not exist On 11.2M5 it says incorrect password without even prompting for it: # useradd testuser # su testuser ls su: incorrect password # userdel testuser no crontab for testuser # su testuser ls su: user testuser does not exist Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 shuang qiu <sqiu@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sqiu@novell.com AssignedTo|bnc-team-screening@forge.pr |pth@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 User jnelson-suse@jamponi.net added comment http://bugzilla.novell.com/show_bug.cgi?id=533249#c1 Jon Nelson <jnelson-suse@jamponi.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jnelson-suse@jamponi.net Severity|Normal |Major --- Comment #1 from Jon Nelson <jnelson-suse@jamponi.net> 2009-11-12 20:59:33 MST --- On 11.2 *released* su is still broken: As a mortal user, I can become root: su - Once root, I can become myself, but not certain other users (not sure why...): su - jnelson (this works) su - postgres (this does not work!) When it doesn't work, /var/log/messages says: Nov 12 21:57:35 laptop su: FAILED SU (to postgres) jnelson on /dev/pts/4 Uh??? I'm not jnelson! I'm root! -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 User werner@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=533249#c2 Dr. Werner Fink <werner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |werner@novell.com --- Comment #2 from Dr. Werner Fink <werner@novell.com> 2009-11-13 05:19:03 MST --- (In reply to comment #0) Accordingly to the manual page the correct command line looks like /bin/su root --command=ls and this works as expected. (In reply to comment #1) This does *not* belong to this bug. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 User jnelson-suse@jamponi.net added comment http://bugzilla.novell.com/show_bug.cgi?id=533249#c3 --- Comment #3 from Jon Nelson <jnelson-suse@jamponi.net> 2009-11-13 08:38:37 MST --- I'm not sure how this relates, but shadow (or passwd) entries which have ! (bang) instead of * (splat) are the ones that don't work. Splat works, bang doesn't. The passwd (5) manpage doesn't have any comments on bang, but talks about splat. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 Philipp Thomas <pth@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #4 from Philipp Thomas <pth@novell.com> 2009-11-16 13:08:34 UTC --- Jon, please open a new report for your bug as it has nothing to do with this one. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 --- Comment #5 from Jon Nelson <jnelson-suse@jamponi.net> 2009-11-16 13:12:03 UTC --- What is the cause, then? If you don't know the cause, how can you rule out a possible explanation? I seem to have the same symptoms: worklaptop:~ # su - postgres su: incorrect password worklaptop:~ # su - jnelson Directory: /home/jnelson Mon Nov 16 07:11:47 CST 2009 [jnelson@worklaptop:~] -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 --- Comment #6 from Jon Nelson <jnelson-suse@jamponi.net> 2009-11-16 13:29:47 UTC --- Nevermind, I changed the entries myself and it made no difference. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249#c7 Jon Nelson <jnelson-suse@jamponi.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #7 from Jon Nelson <jnelson-suse@jamponi.net> 2009-11-16 22:14:45 UTC --- This bug is *not* resolved, and appears to have everything to do with '!' vs '*' in /etc/passwd (or /etc/shadow). '!' is used to indicate a *locked* account I turned up the PAM debugging for pam_unix2 and determined that the postgres account is locked. Performing the above tests (adduser testuser, su testuser ls, etc...) still fail. Why is the behavior different in 11.2 versus 11.1? This prevented the postgresql upgrade from working properly. I had to perform the following steps, once I had an idea that it was a locked account problem: 1. pwunconv 2. vipw and change the password for 'postgres' to '*' instead of '!' - the latter indicates that the account is locked. 3. *now* I can start postgres and such. I will open a bug report regarding the passwd (5) manpage. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249#c8 Philipp Thomas <pth@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |CLOSED Resolution| |INVALID --- Comment #8 from Philipp Thomas <pth@novell.com> 2009-11-18 12:20:24 UTC --- This bug as opened by Charten is closed! You have to open a new bug for your issue instead of trying to hijack a different bugreport. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 http://bugzilla.novell.com/show_bug.cgi?id=533249#c9 Carsten Hoeger <choeger@open-xchange.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|INVALID | --- Comment #9 from Carsten Hoeger <choeger@open-xchange.com> 2009-12-09 10:11:54 UTC --- the _original_ problem is still there as I just noticed again, sorry, did not reach that point any further... oxlive:~ # useradd testuser oxlive:~ # su testuser ls su: incorrect password oxlive:~ # userdel testuser no crontab for testuser oxlive:~ # su testuser ls su: user testuser does not exist -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 http://bugzilla.novell.com/show_bug.cgi?id=533249#c10 --- Comment #10 from Carsten Hoeger <choeger@open-xchange.com> 2009-12-09 10:13:37 UTC --- ah, just noticed, that su needs -c to exec a command (i use sudo too often). But anyway, it does not work: oxlive:~ # useradd testuser oxlive:~ # su testuser su: incorrect password oxlive:~ # su testuser -c ls su: incorrect password -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 http://bugzilla.novell.com/show_bug.cgi?id=533249#c11 --- Comment #11 from Carsten Hoeger <choeger@open-xchange.com> 2009-12-09 10:16:37 UTC --- the real problem is, that we start open-xchange using this command: su -s /bin/bash $user -c $path > /dev/null 2>&1 & echo $! > /var/run/${name}.pid which is working fine on all currently known rpm based distributions, but not on opensuse 11.2 anymore. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 http://bugzilla.novell.com/show_bug.cgi?id=533249#c12 Thorsten Kukuk <kukuk@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kukuk@novell.com, | |mc@novell.com --- Comment #12 from Thorsten Kukuk <kukuk@novell.com> 2010-03-30 07:30:57 UTC --- The answer is simple: I'm pretty sure, that all accounts, where a "su account" fails, have a locked password. Either this accounts were not created as system account but are one like postgresql, or this systems were updated from old systems, were the accounts were created wrong during installation. Or fresh created accounts without password. Solution is simple: unlock the accounts, or replace the '!' with a '*' or a valid password. Between, that pam_unix.so seems to work but not pam_unix2.so is a well known, heavy discussed bug (see linux-pam mailing list archive). If you don't use shadow accounts (pwunconv), pam_unix.so will refuse login, too. Only the shadow case was forgotten. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 http://bugzilla.novell.com/show_bug.cgi?id=533249#c13 Philipp Thomas <pth@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #13 from Philipp Thomas <pth@novell.com> 2010-05-04 16:49:15 CEST --- As per Thorstens response it's no bug in coreutils. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=533249 http://bugzilla.novell.com/show_bug.cgi?id=533249#c14 --- Comment #14 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (533249) was mentioned in https://build.opensuse.org/request/show/42907 Factory / coreutils -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com