http://bugzilla.novell.com/show_bug.cgi?id=623432 http://bugzilla.novell.com/show_bug.cgi?id=623432#c0 Summary: su from root fails for locked accounts Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: All OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: nathanr@lesmills.net.au QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100506 SUSE/3.5.10-0.1.1 Firefox/3.5.10 I've managed to reproduce bug #556077 on openSUSE 11.3. It's claimed in that bug that it was fixed in 11.2, but I can reproduce it under 11.3. Reproducible: Always Steps to Reproduce: linux-07mr:~ # useradd -m -d /opt/test -g postgres test linux-07mr:~ # su - test su: incorrect password linux-07mr:~ # passwd test Changing password for test. New Password: Bad password: too short Reenter New Password: Password changed. linux-07mr:~ # su - test test@linux-07mr:~> another use case: linux-07mr:~ # useradd -m -d /opt/test -g postgres test linux-07mr:~ # grep test /etc/shadow test:!:14809:0:99999:7::: linux-07mr:~ # vim /etc/shadow linux-07mr:~ # grep test /etc/shadow test:*:14809:0:99999:7::: linux-07mr:~ # su - test test@linux-07mr:~> Actual Results: Can not su from root to another non-root user which has a disabled account where there is a "!" for the password. Works fine where "*" is the password, as per bug #556077 Expected Results: Should be able to su as root to a disabled account. As noted in bug #550677, this stops the PostgreSQL initdb scripts from working. For us, it's EnterpriseDB PostgresPlus Standard installer, which works fine on SLES 11 SP1, but not on openSUSE 11.2 or 11.3. They do a "useradd" then an "su" to the created user, which fails. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.