Ubuntu
shadow package

  1. Bug #22739
  2. Comment #4

Comment 4 for bug 22739

Revision history for this message
In , Junichi Uekawa (dancer-netfort) wrote : Re: Bug#330291: Authentication problem with pbuilder

tags 330291 +patch
reassign 330291 login
severity 330291 serious
thanks

Hi,

> > Extracting source
> > Password: su: Authentication failure
> > Sorry.
> > pbuilder: Failed extracting the source
> > -> Aborting with an error
> > -> unmounting dev/pts filesystem
> > ...
> >
> >
> > I guess I have to set a further sudo permission here but for what program?
> > It is 'sudo su' ? I would not really like this even if it is convinient.
> >
>
> I've tracked the problem down to the fact that
> /etc/pam.d/su no longer exists with a clean install
> since around yesterday.
> Upgraded systems continue to work since /etc/pam.d/su
> already exists.
>
> Without /etc/pam.d/su, root running su will be asked
> for a password.
>
> I'm suspecting either of
>
> login 1:4.0.12-2 -> 1:4.0.12-3
> pam 0.76-23->0.79-1

I've tracked it down to shadow; I think this is the required patch.

diff -urN shadow-4.0.12-orig/debian/login.su.pam shadow-4.0.12/debian/login.su.pam
--- shadow-4.0.12-orig/debian/login.su.pam 1970-01-01 09:00:00.000000000 +0900
+++ shadow-4.0.12/debian/login.su.pam 2005-09-28 21:16:25.598938168 +0900
@@ -0,0 +1,45 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo" to
+# to the end of this line if you want to use a group other
+# than the default "root".
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth required pam_env.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session required pam_limits.so
diff -urN shadow-4.0.12-orig/debian/passwd.su.pam shadow-4.0.12/debian/passwd.su.pam
--- shadow-4.0.12-orig/debian/passwd.su.pam 2005-09-28 21:16:25.598938168 +0900
+++ shadow-4.0.12/debian/passwd.su.pam 1970-01-01 09:00:00.000000000 +0900
@@ -1,45 +0,0 @@
-#
-# The PAM configuration file for the Shadow `su' service
-#
-
-# Uncomment this to force users to be a member of group root
-# before they can use `su'. You can also add "group=foo" to
-# to the end of this line if you want to use a group other
-# than the default "root".
-# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
-# auth required pam_wheel.so
-
-# Uncomment this if you want wheel members to be able to
-# su without a password.
-# auth sufficient pam_wheel.so trust
-
-# Uncomment this if you want members of a specific group to not
-# be allowed to use su at all.
-# auth required pam_wheel.so deny group=nosu
-
-# This allows root to su without passwords (normal operation)
-auth sufficient pam_rootok.so
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on su usage.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account requisite pam_time.so
-
-# This module parses /etc/environment (the standard for setting
-# environ vars) and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# (Replaces the `ENVIRON_FILE' setting from login.defs)
-auth required pam_env.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-@include common-auth
-@include common-account
-@include common-session
-
-# Sets up user limits, please uncomment and read /etc/security/limits.conf
-# to enable this functionality.
-# (Replaces the use of /etc/limits in old login)
-# session required pam_limits.so
diff -urN shadow-4.0.12-orig/debian/rules shadow-4.0.12/debian/rules
--- shadow-4.0.12-orig/debian/rules 2005-09-28 21:16:25.599938016 +0900
+++ shadow-4.0.12/debian/rules 2005-09-28 21:33:47.577533344 +0900
@@ -115,6 +115,7 @@
  dh_installpam -p passwd --name=groupmod
  dh_installpam -p passwd --name=newusers
  dh_installpam -p login
+ dh_installpam -p login --name=su
  install -c -m 444 debian/login.defs debian/login/etc/login.defs
  install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
  install -d debian/passwd/usr/share/passwd