Hi,
I have a strange su behavior on a CentOS 5.4 32-bit installation in a VMware ESXi virtualized environment:
If I am root and want to change the user to a non-root user, the system prompts me for a password:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
[test00@halifax ~]$ logout
[root@halifax ~]# su - test00
[test00@halifax ~]$ logout
[root@halifax ~]#
At this test procedure I just hit the enter key at the password prompt.
Do you have any idea for this behavior? I expect to do so from root to any account _without_ being prompted for the password.
Thanks, Uwe
Uwe Kiewel wrote:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password: ...
that almost sounds like sudo, not su. is it aliased or something?
On 08.03.2010 21:21, John R Pierce wrote:
Uwe Kiewel wrote:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password: ...
that almost sounds like sudo, not su. is it aliased or something?
I don't think so:
[root@halifax ~]# type su
su is hashed (/bin/su)
[root@halifax ~]# file /bin/su
/bin/su: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, stripped
[root@halifax ~]# type sudo
sudo is /usr/bin/sudo
[root@halifax ~]# file /usr/bin/sudo
/usr/bin/sudo: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, stripped
[root@halifax ~]# sum /bin/su
22494 24
[root@halifax ~]# sum /usr/bin/sudo
63311 138
Thanks, Uwe
On Mon, 8 Mar 2010 21:28:44 +0100 Uwe Kiewel ml@kiewel-online.ch wrote:
that almost sounds like sudo, not su. is it aliased or something?
I don't think so:
[root@halifax ~]# file /bin/su
You've confirmed it's not symlinked, but is it aliased?
Type "alias" and see the result.
On 09.03.2010 02:16, Spiro Harvey wrote:
On Mon, 8 Mar 2010 21:28:44 +0100 Uwe Kiewel ml@kiewel-online.ch wrote:
that almost sounds like sudo, not su. is it aliased or something?
I don't think so:
[root@halifax ~]# file /bin/su
You've confirmed it's not symlinked, but is it aliased?
Type "alias" and see the result.
[root@halifax ~]# alias
alias cp='cp -i'
alias l.='ls -d .* --color=tty'
alias ll='ls -l --color=tty'
alias ls='ls --color=tty'
alias mv='mv -i'
alias rm='rm -i'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'
Hi,
I have a strange su behavior on a CentOS 5.4 32-bit installation in a VMware ESXi virtualized environment:
If I am root and want to change the user to a non-root user, the system prompts me for a password:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
The above warning comes from sudo. Figure out why you're running sudo and not su as you expect. Is it aliased?
-- Don Krause "This message represents the official view of the voices in my head."
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Uwe Kiewel
Sent: Monday, March 08, 2010 2:17 PM
To: centos@centos.org
Subject: [CentOS] strange su behavior
Hi,
I have a strange su behavior on a CentOS 5.4 32-bit installation in a VMware ESXi virtualized environment:
If I am root and want to change the user to a non-root user, the system prompts me for a password:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
[test00@halifax ~]$ logout
[root@halifax ~]# su - test00
[test00@halifax ~]$ logout
[root@halifax ~]#
At this test procedure I just hit the enter key at the password prompt.
Do you have any idea for this behavior? I expect to do so from root to any account _without_ being prompted for the password.
Thanks, Uwe
Have you tried just running su without the dash and space before the username? (For example: su test00). If not, try that and let us know if you receive the same result.
Regards,
Dan
On 08.03.2010 22:03, Dan Burkland wrote:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
[test00@halifax ~]$ logout
[root@halifax ~]# su - test00
[test00@halifax ~]$ logout
[root@halifax ~]#
At this test procedure I just hit the enter key at the password prompt.
Do you have any idea for this behavior? I expect to do so from root to any account _without_ being prompted for the password.
Have you tried just running su without the dash and space before the username? (For example: su test00). If not, try that and let us know if you receive the same result.
Same result:
[root@halifax ~]# su test00
Password:
[test00@halifax root]$ exit
[root@halifax ~]#
--
Thanks, Uwe
From: Uwe Kiewel ml@kiewel-online.ch
If I am root and want to change the user to a non-root user, the system prompts me for a password:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
[test00@halifax ~]$ logout
[root@halifax ~]# su - test00
[test00@halifax ~]$ logout
[root@halifax ~]#
At this test procedure I just hit the enter key at the password prompt.
Do you have any idea for this behavior? I expect to do so from root to any account _without_ being prompted for the password.
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
JD
From: Uwe Kiewel ml@kiewel-online.ch
If I am root and want to change the user to a non-root user, the system prompts me for a password:
[root@halifax ~]# useradd test00
[root@halifax ~]# su - test00
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
[test00@halifax ~]$ logout
[root@halifax ~]# su - test00
[test00@halifax ~]$ logout
[root@halifax ~]#
At this test procedure I just hit the enter key at the password prompt.
Do you have any idea for this behavior? I expect to do so from root to any account _without_ being prompted for the password.
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc:
[...]
if [ $UID -ne 0 ]; then
    echo
    sudo -l
    echo
fi
Thanks, Uwe
From: Uwe (ML) Kiewel ml@kiewel-online.ch
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
JD
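JD's check above (looking for sudo calls in the shell startup files), scripted as an added example that is not part of the original thread: it lists every non-comment line in the usual bash startup files that invokes sudo. The function names, the file list and the sample tree are assumptions made for illustration; the sample etc/bashrc reproduces the snippet quoted in the thread.

```shell
#!/bin/sh
# Added example: find sudo invocations in bash startup files.
# Assumed names: scan_startup_for_sudo, make_sample, and the file list below.

# Print "file:line:text" for every non-comment line that runs sudo.
# ROOT is prepended to each path; pass "" to scan the live system.
scan_startup_for_sudo() {
    root=$1
    # "sudo" as a command word: not part of "sudoers", "pseudo", etc.
    pat='(^|[^A-Za-z0-9_.-])sudo([^A-Za-z0-9_-]|$)'
    for f in "$root/etc/profile" "$root/etc/bashrc" \
             "$root"/etc/profile.d/*.sh \
             "$root/etc/skel/.bash_profile" "$root/etc/skel/.bashrc" \
             "$root"/home/*/.bash_profile "$root"/home/*/.bashrc; do
        [ -f "$f" ] || continue
        # Blank out comment text (naive: treats every '#' as a comment start),
        # keeping line numbers intact for grep -n.
        sed 's/#.*$//' "$f" | grep -nE "$pat" | while IFS= read -r hit; do
            printf '%s:%s\n' "$f" "$hit"
        done
    done
}

# Constructed sample tree; etc/bashrc holds the snippet quoted in the thread.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc/profile.d"
    printf '%s\n' '# sudo rules live in /etc/sudoers' 'umask 022' \
        > "$dir/etc/profile"
    printf '%s\n' 'if [ $UID -ne 0 ]; then' '  echo' '  sudo -l' '  echo' 'fi' \
        > "$dir/etc/bashrc"
    printf '%s\n' "alias ll='ls -l --color=tty'" > "$dir/etc/profile.d/colorls.sh"
    printf '%s\n' "$dir"
}

sample=$(make_sample)
scan_startup_for_sudo "$sample"   # reports etc/bashrc line 3
rm -rf "$sample"
```
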
On 09.03.2010 17:32, John Doe wrote:
From: Uwe (ML) Kiewel ml@kiewel-online.ch
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
Thanks, Uwe
Uwe Kiewel wrote:
On 09.03.2010 17:32, John Doe wrote:
From: Uwe (ML) Kiewel ml@kiewel-online.ch
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
Hitting the enter key "works" as far as making the prompt go away, but the sudo command is actually failing silently. If you enter the correct password, you should receive some extra output.
Just pressing enter at the prompt:
$ sudo -l
Password:
$
Entering the correct password:
$ sudo -l
Password:
User xxxxxx may run the following commands on this host:
(ALL) ALL
$
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
sudo -l lists the commands that you are allowed to run with sudo
On 09.03.2010 22:22, Tom H wrote:
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
sudo -l lists the commands that you are allowed to run with sudo
That is clear to me, but why does this command request the password?
On Mar 10, 2010, at 12:12 PM, Uwe Kiewel wrote:
On 09.03.2010 22:22, Tom H wrote:
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
sudo -l lists the commands that you are allowed to run with sudo
That is clear to me, but why does this command request the password?
what's the output of
sudo grep root /etc/sudoers
Tony Schreiner
On 10.03.2010 18:26, Tony Schreiner wrote:
On Mar 10, 2010, at 12:12 PM, Uwe Kiewel wrote:
On 09.03.2010 22:22, Tom H wrote:
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
sudo -l lists the commands that you are allowed to run with sudo
That is clear to me, but why does this command request the password?
what's the output of
sudo grep root /etc/sudoers
## the root user, without needing the root password.
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
From: Uwe Kiewel ml@kiewel-online.ch
lists the commands that you are allowed to run with sudo
That is clear to me, but why does this command request the password?
Security? Maybe they don't want someone passing by to find out what this user can run through sudo...
JD
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
sudo -l lists the commands that you are allowed to run with sudo
That is clear to me, but why does this command request the password?
Do you have rootpw/runaspw/targetpw set in /etc/sudoers?
On 10.03.2010 20:23, Tom H wrote:
Do you have any sudo call from your /etc or /etc/skel bashrc or profile...?
Yes, I do have in /etc/bashrc: sudo -l
Unless you already understood: su - "make the shell a login shell" so sudo -l in bashrc is executed, which asks for the user's password
Understood, who is asking - not understood why "sudo -l" is asking for the password and why just hitting the enter key works
sudo -l lists the commands that you are allowed to run with sudo
That is clear to me, but why does this command request the password?
Do you have rootpw/runaspw/targetpw set in /etc/sudoers?
No, I don't have. What I want to have is: Non-root users shall be allowed to run some commands as root without password. And, on logging on, the users shall see what commands they are able to run.
Thanks, Uwe