
Re: ksu

Harald Barth wrote:
>> Apologies for the short answer, but I was in a hurry. There is no error
>> message, ksu only prints "root's password:". It doesn't even contact the
>> KDC.
> It behaves that way if you don't have a ~root/.k5login. Because in that 
> case there is no idea to contact the KDC if no principals are allowed
> to ksu -> it prompts for the local root password.
>> I've added my principal to /root/.k5login and set the setuid bit on the ksu
>> binary. Is that all?
> .k5login owner and permissions? Confusion with /.k5login and /root/.k5login?
>> wheel?
>     /* if su:ing to root, check membership of group wheel or root; if
>        that group doesn't exist, or is empty, allow anyone to su
>        root */
>     if(su->pw_uid == 0) {
> #ifndef ROOT_GROUP
> #define ROOT_GROUP "wheel"
> #endif
>         int gs = group_member_p(ROOT_GROUP, login->pw_name);
>         if(gs == GROUP_NOT_MEMBER) {
>             syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
>                     login->pw_name, su->pw_name, ROOT_GROUP);
>             return 1;
>         }
>         return 0;
>     }
> So if your group stuff is different from the expected, you get something in syslog.

Syslog says nothing :-( I've added group wheel, but ksu still wants
root's password. I'm using Heimdal 0.7.2 from the Ubuntu Edgy Eft repository.


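Added example, not part of the original message and not Heimdal code: a preflight script for the conditions raised in this thread (which .k5login exists, its owner and permissions, the setuid bit on ksu, wheel membership). The function names, the permission policy (owner match, no group/other write bit) and the default paths are assumptions.

```shell
#!/bin/sh
# Added example, not Heimdal code. The policy below (owner match, no
# group/other write bit) is an assumption about what ksu expects.

# k5login_check FILE PRINCIPAL OWNER_UID
# 0 = ok, 1 = missing, 2 = wrong owner, 3 = group/other writable, 4 = principal absent
k5login_check() {
    file=$1 princ=$2 uid=$3
    [ -f "$file" ] || { echo "$file: missing"; return 1; }
    set -- $(ls -ldnL -- "$file" | awk '{print $1, $3}')   # mode string, numeric owner
    [ "$2" = "$uid" ] || { echo "$file: owner uid $2, expected $uid"; return 2; }
    case $1 in
        ?????w*|????????w*) echo "$file: group/other writable ($1)"; return 3 ;;
    esac
    grep -Fxq -- "$princ" "$file" || { echo "$file: $princ not listed"; return 4; }
    echo "$file: ok"
}

# setuid_check FILE OWNER_UID: 0 = setuid bit set and owned by OWNER_UID
setuid_check() {
    [ -u "$1" ] || { echo "$1: setuid bit not set"; return 1; }
    [ "$(ls -ldnL -- "$1" | awk '{print $3}')" = "$2" ] ||
        { echo "$1: not owned by uid $2"; return 2; }
    echo "$1: ok"
}

# group_member_check GROUP USER [GROUPFILE]
# 0 = listed member, 1 = not a member, 2 = group missing or empty
# (the quoted comment says anyone may su to root in that case).
# Only the member list is read; a primary GID from passwd is not considered.
group_member_check() {
    awk -F: -v g="$1" -v u="$2" '
        $1 == g { found = 1; n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ((!found || n == 0) ? 2 : (ok ? 0 : 1)) }' "${3:-/etc/group}"
}

# ksu_preflight PRINCIPAL LOCAL_USER [KSU_PATH]: run all checks for a root target
ksu_preflight() {
    for f in /root/.k5login /.k5login; do k5login_check "$f" "$1" 0; done
    setuid_check "${3:-$(command -v ksu)}" 0
    group_member_check wheel "$2"; echo "wheel membership status: $?"
}

if [ $# -ge 2 ]; then ksu_preflight "$@"; fi
```

Run it as root with the principal and the local login name as arguments; it reports on both /root/.k5login and /.k5login, so a file created in the wrong home directory shows up immediately.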