Package: libpam-runtime
Version: 0.79-3
Severity: important
Even if the goal of the pam_wheel module is to (quoting the docs) "only
permit root access to members of the wheel (gid=0) group", actually it
prevents non-wheel-group users to become *any* other user, not only
root.
My /etc/pam.d/su is:
----------------------------------------
auth sufficient pam_rootok.so
auth requisite pam_wheel.so group=staff trust
...
----------------------------------------
Sample transcript:
----------------------------------------
mfc ~: id
uid=1000(mfc) gid=1000(mfc)
gruppi=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44
(video),50(staff),1000(mfc) mfc ~: su lale
Password:
lale /home/mfc: id
uid=1001(lale) gid=1001(lale) gruppi=1001(lale)
lale /home/mfc: su
su: Permission denied
Spiacente.
lale /home/mfc: su lucky
su: Permission denied
Spiacente.
lale /home/mfc:
----------------------------------------
As you can see, user "lale" who is not in the "staf" group, cannot su to
root (as intended), but cannot even su to user "lucky"!
Bye
Matteo
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]