Date: Sat, 8 Jan 2000 23:08:35 +0000
From: David Malone
To: "Kurt D. Zeilenga"
Cc: Garrett Wollman, freebsd-current@freebsd.org
Subject: Re: PAM'ized su(1)
Message-ID: <20000108230835.A88514@walton.maths.tcd.ie>
In-Reply-To: <3.0.5.32.20000108141410.00933c40@localhost>

On Sat, Jan 08, 2000 at 02:14:10PM -0800, Kurt D. Zeilenga wrote:
> At 04:43 PM 1/8/00 -0500, Garrett Wollman wrote:
> >Hmmm. I don't see any such module. Or are you proposing to write
> >one?
>
> No. I'd just pull the pam_wheel from the Attic.

If it came from the Linux version of pam, then pam_wheel is broken.
It uses the groups of the person listed in utmp as owning the tty,
instead of the groups of the person running su. This breaks stuff
like su'ing to a sysadmin and then su'ing to root from a normal
user's terminal, and means you can't su without a utmp entry.

David.
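Added example, not part of the original message and not pam_wheel's own code: a small C model of the two ways to pick the identity for a wheel check, run over the two situations the message names. The account names, uids, tty names and function names are constructed for illustration, and it assumes su has set the real uid to the sysadmin account before the second su runs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data, not from the original message. */
struct account { const char *name; int uid; int in_wheel; };
static const struct account accounts[] = {
    { "alice",  1001, 0 },  /* normal user who owns the login session */
    { "sysadm", 1002, 1 },  /* sysadmin account, member of wheel */
};
struct utmp_rec { const char *line; const char *user; };
static const struct utmp_rec utmp_tab[] = { { "ttyp0", "alice" } };

#define N(a) (sizeof(a) / sizeof((a)[0]))

static const struct account *by_name(const char *name) {
    for (size_t i = 0; i < N(accounts); i++)
        if (strcmp(accounts[i].name, name) == 0) return &accounts[i];
    return NULL;
}

static const struct account *by_uid(int uid) {
    for (size_t i = 0; i < N(accounts); i++)
        if (accounts[i].uid == uid) return &accounts[i];
    return NULL;
}

/* Behaviour described in the message: judge the utmp owner of the tty. */
int wheel_ok_by_utmp(const char *tty) {
    for (size_t i = 0; i < N(utmp_tab); i++)
        if (strcmp(utmp_tab[i].line, tty) == 0) {
            const struct account *a = by_name(utmp_tab[i].user);
            return a != NULL && a->in_wheel;
        }
    return 0;  /* no utmp entry: nobody to check, so su is refused */
}

/* Alternative: judge the real uid of the process that invoked su. */
int wheel_ok_by_uid(int ruid) {
    const struct account *a = by_uid(ruid);
    return a != NULL && a->in_wheel;
}

int main(void) {
    /* alice logs in on ttyp0, su's to sysadm (uid 1002), then runs su. */
    printf("utmp check: %d, uid check: %d\n",
           wheel_ok_by_utmp("ttyp0"), wheel_ok_by_uid(1002));
    /* sysadm runs su from a session with no utmp entry ("ttyp9"). */
    printf("utmp check: %d, uid check: %d\n",
           wheel_ok_by_utmp("ttyp9"), wheel_ok_by_uid(1002));
    return 0;
}
```

In both cases the utmp-based check refuses a caller who is in wheel, while the uid-based check decides on the account actually running su.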