On 02/04/18 11:13 PM, David C. Rankin wrote:
The last surprise was the missing convenience directives in /etc/pam.d/su that no longer provided an easy uncomment to allow users of 'wheel' to su without a password, e.g.
# Uncomment the following line to implicitly trust users in the "wheel" group. auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid
... the removal may be a security enhancement, but thankfully I have a ssh client on my phone that I could jump on an older install and get the details (heaven know I didn't recall the specifics)
ironically, not only have the lines in /etc/pam.d/su been removed, but, so far as I can find, so has pam_wheel.so. Ironically it's all still there # rpm -ql pam | grep wheel /lib64/security/pam_wheel.so /usr/share/man/man8/pam_wheel.8.gz # rpm -qf /usr/share/man/man8/pam_wheel.8.gz pam-1.3.0-16.1.x86_64 main:/etc/pam.d # zypper info pam Information for package pam: ---------------------------- Repository : openSUSE-Leap-42.3-Update <----------------- Name : pam Version : 1.3.0-16.1 Arch : x86_64 Vendor : openSUSE Installed Size : 1.5 MiB Installed : Yes Status : up-to-date Source package : pam-1.3.0-16.1.src Do you have the update repository enabled? # rpm -qf /etc/pam.d/su util-linux-2.29.2-5.1.x86_64 main:/etc/pam.d # zypper info util-linux Loading repository data... Reading installed packages... Information for package util-linux: ----------------------------------- Repository : openSUSE-Leap-42.3-Update Name : util-linux Version : 2.29.2-5.1 Arch : x86_64 Vendor : openSUSE Installed Size : 3.7 MiB Installed : Yes Status : up-to-date -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org