Re: ksu
> Apologies for the short answer, but I was in a hurry. There is no error
> message; ksu only prints "root's password:". It doesn't even contact the
> KDC.
It behaves that way if you don't have a ~root/.k5login, because in that
case there is no point in contacting the KDC if no principals are allowed
to ksu -> it prompts for the local root password.
> I've added my principal into /root/.k5login and set the setuid bit on the ksu
> binary. Is that all?
.k5login owner and permissions? Confusion with /.k5login and /root/.k5login?
> wheel?
    /* if su:ing to root, check membership of group wheel or root; if
       that group doesn't exist, or is empty, allow anyone to su
       root */
    if(su->pw_uid == 0) {
#ifndef ROOT_GROUP
#define ROOT_GROUP "wheel"
#endif
        int gs = group_member_p(ROOT_GROUP, login->pw_name);
        if(gs == GROUP_NOT_MEMBER) {
            syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
                    login->pw_name, su->pw_name, ROOT_GROUP);
            return 1;
        }
        return 0;
    }
So if your group stuff is different from what is expected, you get something in syslog.
Harald.
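
Added example, not part of the original message and not Heimdal code: a shell sketch of the checks raised above (.k5login presence, owner, permissions and principal entry, plus the wheel rule from the quoted comment). The function names are hypothetical, the rule that a group- or world-writable .k5login is not trusted is an assumption, and wheel_status reads only the member list of a group(5)-format file.

```sh
#!/bin/sh
# Added diagnostic sketch; k5login_status and wheel_status are hypothetical names.

# k5login_status FILE PRINCIPAL OWNER_UID
# Prints: missing | bad-owner | writable-by-others | not-listed | ok
k5login_status() {
    f=$1; princ=$2; uid=$3
    [ -f "$f" ] || { echo missing; return; }
    # Third field of `ls -ln` is the numeric owner of the file.
    owner=$(ls -ln "$f" | awk '{print $3}')
    [ "$owner" = "$uid" ] || { echo bad-owner; return; }
    # Assumption: a group- or world-writable file is not trusted.
    if [ -n "$(find "$f" -perm -020 -o -perm -002)" ]; then
        echo writable-by-others; return
    fi
    # One principal per line, exact whole-line match.
    grep -qxF -- "$princ" "$f" && echo ok || echo not-listed
}

# wheel_status GROUPFILE GROUP USER
# Follows the comment in the quoted snippet: a missing or empty group
# lets anyone through, otherwise the user must be listed as a member.
# Prints: missing | empty | member | not-member
wheel_status() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g {
            found = 1
            n = split($4, m, ",")
            if (n == 0) { print "empty"; exit }
            for (i = 1; i <= n; i++)
                if (m[i] == u) { print "member"; exit }
            print "not-member"; exit
        }
        END { if (!found) print "missing" }' "$1"
}

# Usage (as root): sh check.sh principal@REALM login-name
if [ $# -ge 2 ]; then
    # ~root resolves to root's real home, which settles / versus /root.
    echo ".k5login: $(k5login_status ~root/.k5login "$1" 0)"
    echo "wheel:    $(wheel_status /etc/group wheel "$2")"
fi
```

On hosts that take groups from a directory service, feed wheel_status the output of `getent group wheel` saved to a file instead of /etc/group.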