GNU bug report logs - #7572: [PATCH] PAM support for su
Reported by: Ludwig Nussel <ludwig.nussel <at> suse.de>
Date: Mon, 6 Dec 2010 12:39:01 UTC
Severity: normal
Tags: patch
Done: Ludwig Nussel <ludwig.nussel <at> suse.de>
Bug is archived. No further changes may be made.
Report forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Mon, 06 Dec 2010 12:39:01 GMT)
Acknowledgement sent to Ludwig Nussel <ludwig.nussel <at> suse.de>: New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Mon, 06 Dec 2010 12:39:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
Distributions that use su from coreutils need PAM support. This
patch is a merged version of the patches that have been in at least SUSE
and RedHat distributions for years. I don't know if anyone ever
tried to submit the patch upstream though. So here it is :-)
---
configure.ac | 14 +++
src/Makefile.am | 4 +-
src/su.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 278 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7101847..ee3c0e7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -134,6 +134,20 @@ fi
AC_FUNC_FORK
+AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
+ [Enable PAM support in su (default=auto)]), , [enable_pam=yes])
+if test "x$enable_pam" != xno; then
+ AC_CHECK_LIB([pam], [pam_start], [enable_pam=yes], [enable_pam=no])
+ AC_CHECK_LIB([pam_misc], [misc_conv], [:], [enable_pam=no])
+ if test "x$enable_pam" != xno; then
+ AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
+ PAM_LIBS="-lpam -lpam_misc"
+ AC_SUBST(PAM_LIBS)
+ fi
+fi
+AC_MSG_CHECKING([whether to enable PAM support in su])
+AC_MSG_RESULT([$enable_pam])
+
optional_bin_progs=
AC_CHECK_FUNCS([chroot],
gl_ADD_PROG([optional_bin_progs], [chroot]))
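Review bot: The help text in AC_ARG_ENABLE contradicts both the option and the code: the flag is spelled --disable-pam, the description says "Enable PAM support", and it advertises default=auto while the fourth argument sets enable_pam=yes. More importantly, because the default is yes, an explicit --enable-pam cannot be told apart from the default and is silently turned into enable_pam=no when AC_CHECK_LIB fails for pam or pam_misc, so a packager who asked for PAM can end up shipping a su that authenticates through the crypt path with only the AC_MSG_RESULT line as a hint. Suggest defaulting to auto and calling AC_MSG_ERROR when the user passed --enable-pam and either library is missing. A header check for security/pam_appl.h and security/pam_misc.h next to the library checks would also catch systems that have the shared objects but not the development headers.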
diff --git a/src/Makefile.am b/src/Makefile.am
index 00c7ff7..bc27274 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -351,8 +351,8 @@ factor_LDADD += $(LIB_GMP)
# for getloadavg
uptime_LDADD += $(GETLOADAVG_LIBS)
-# for crypt
-su_LDADD += $(LIB_CRYPT)
+# for crypt and pam
+su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
# for various ACL functions
copy_LDADD += $(LIB_ACL)
diff --git a/src/su.c b/src/su.c
index f8f5b61..1d3d007 100644
--- a/src/su.c
+++ b/src/su.c
@@ -37,6 +37,16 @@
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
+#ifdef USE_PAM
+
+ Actually, with PAM, su has nothing to do with whether or not a
+ wheel group is enforced by su. RMS tries to restrict your access
+ to a su which implements the wheel group, but PAM considers that
+ to be fascist, and gives the user/sysadmin the opportunity to
+ enforce a wheel group by proper editing of /etc/pam.d/su
+
+#endif
+
Compile-time options:
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
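Review bot: The #ifdef USE_PAM and #endif added here sit inside the file's opening block comment, so the preprocessor never evaluates them and the paragraph appears in every build, PAM or not. Drop the two directives and open the paragraph with something like "When built with PAM support, ..." so the comment reads correctly either way. The "Compile-time options:" list that follows is the natural place to document USE_PAM, and this hunk does not add it there.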
@@ -52,6 +62,13 @@
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <signal.h>
+#include <sys/wait.h>
+#include <sys/fsuid.h>
+#endif
#include "system.h"
#include "getpass.h"
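Review bot: <sys/fsuid.h> is Linux-specific and nothing in the hunks of this patch calls setfsuid or setfsgid, so this include looks like a leftover whose only effect is to break USE_PAM builds on systems that lack the header; drop it, or add a configure check together with the code that needs it. The directives nested inside #ifdef USE_PAM may also need cppi-style indentation (# include) to pass "make syntax-check".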
@@ -111,7 +128,9 @@
/* The user to become if none is specified. */
#define DEFAULT_USER "root"
+#ifndef USE_PAM
char *crypt (char const *key, char const *salt);
+#endif
static void run_shell (char const *, char const *, char **, size_t)
ATTRIBUTE_NORETURN;
@@ -125,6 +144,11 @@ static bool simulate_login;
/* If true, change some environment vars to indicate the user su'd to. */
static bool change_environment;
+#ifdef USE_PAM
+static bool _pam_session_opened;
+static bool _pam_cred_established;
+#endif
+
static struct option const longopts[] =
{
{"command", required_argument, NULL, 'c'},
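Review bot: _pam_session_opened and _pam_cred_established are file-scope identifiers that begin with an underscore, which C reserves for the implementation at file scope; rename them, for example to pam_session_opened and pam_cred_established. They are declared bool but the later hunks assign 1 rather than true, which is worth making consistent in the same pass.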
@@ -200,7 +224,164 @@ log_su (struct passwd const *pw, bool successful)
}
#endif
+#ifdef USE_PAM
+#define PAM_SERVICE_NAME PROGRAM_NAME
+#define PAM_SERVICE_NAME_L PROGRAM_NAME "-l"
+static sig_atomic_t volatile caught_signal = false;
+static pam_handle_t *pamh = NULL;
+static int retval;
+static struct pam_conv conv =
+{
+ misc_conv,
+ NULL
+};
+
+#define PAM_BAIL_P(a) \
+ if (retval) \
+ { \
+ pam_end (pamh, retval); \
+ a; \
+ }
+
+static void
+cleanup_pam (int retcode)
+{
+ if (_pam_session_opened)
+ pam_close_session (pamh, 0);
+
+ if (_pam_cred_established)
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
+
+ pam_end(pamh, retcode);
+}
+
+/* Signal handler for parent process. */
+static void
+su_catch_sig (int sig)
+{
+ caught_signal = true;
+}
+
+/* Export env variables declared by PAM modules. */
+static void
+export_pamenv (void)
+{
+ char **env;
+
+ /* This is a copy but don't care to free as we exec later anyways. */
+ env = pam_getenvlist (pamh);
+ while (env && *env)
+ {
+ if (putenv (*env) != 0)
+ xalloc_die ();
+ env++;
+ }
+}
+
+static void
+create_watching_parent (void)
+{
+ pid_t child;
+ sigset_t ourset;
+ int status = 0;
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ cleanup_pam (retval);
+ error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
+ pam_strerror (pamh, retval));
+ }
+ else
+ _pam_session_opened = 1;
+
+ child = fork ();
+ if (child == (pid_t) -1)
+ {
+ cleanup_pam (PAM_ABORT);
+ error (EXIT_FAILURE, errno, _("cannot create child process"));
+ }
+
+ /* the child proceeds to run the shell */
+ if (child == 0)
+ return;
+
+ /* In the parent watch the child. */
+
+ /* su without pam support does not have a helper that keeps
+ sitting on any directory so let's go to /. */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
+ sigfillset (&ourset);
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot block signals"));
+ caught_signal = true;
+ }
+ if (!caught_signal)
+ {
+ struct sigaction action;
+ action.sa_handler = su_catch_sig;
+ sigemptyset (&action.sa_mask);
+ action.sa_flags = 0;
+ sigemptyset (&ourset);
+ if (sigaddset (&ourset, SIGTERM)
+ || sigaddset (&ourset, SIGALRM)
+ || sigaction (SIGTERM, &action, NULL)
+ || sigprocmask (SIG_UNBLOCK, &ourset, NULL))
+ {
+ error (0, errno, _("cannot set signal handler"));
+ caught_signal = true;
+ }
+ }
+ if (!caught_signal)
+ {
+ pid_t pid;
+ for (;;)
+ {
+ pid = waitpid (child, &status, WUNTRACED);
+
+ if (pid != (pid_t)-1 && WIFSTOPPED (status))
+ {
+ kill (getpid (), SIGSTOP);
+ /* once we get here, we must have resumed */
+ kill (pid, SIGCONT);
+ }
+ else
+ break;
+ }
+ if (pid != (pid_t)-1)
+ if (WIFSIGNALED (status))
+ status = WTERMSIG (status) + 128;
+ else
+ status = WEXITSTATUS (status);
+ else
+ status = 1;
+ }
+ else
+ status = 1;
+
+ if (caught_signal)
+ {
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
+ kill (child, SIGTERM);
+ }
+
+ cleanup_pam (PAM_SUCCESS);
+
+ if (caught_signal)
+ {
+ sleep (2);
+ kill (child, SIGKILL);
+ fprintf (stderr, _(" ...killed.\n"));
+ }
+ exit (status);
+}
+#endif
+
/* Ask the user for a password.
+ If PAM is in use, let PAM ask for the password if necessary.
Return true if the user gives the correct password for entry PW,
false if not. Return true without asking for a password if run by UID 0
or if PW has an empty password. */
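Review bot: In create_watching_parent the set that gets unblocked contains both SIGTERM and SIGALRM, but sigaction is only called for SIGTERM. A SIGALRM delivered to the parent therefore takes the default action and terminates it before cleanup_pam runs, skipping pam_close_session and the PAM_DELETE_CRED call while the child shell keeps running. Either install su_catch_sig for SIGALRM as well or leave SIGALRM blocked. Smaller points in the same hunk: PAM_BAIL_P expands to a bare if block and should be wrapped in do { ... } while (0) so it is safe next to an else; the nested if/else that computes status after the waitpid loop needs braces; the message "cannot not open session" has a doubled negative; cleanup_pam ignores the return values of pam_close_session and pam_setcred; and su_catch_sig leaves its sig parameter unused.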
@@ -208,10 +389,52 @@ log_su (struct passwd const *pw, bool successful)
static bool
correct_password (const struct passwd *pw)
{
+#ifdef USE_PAM
+ const struct passwd *lpw;
+ const char *cp;
+
+ retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
+ pw->pw_name, &conv, &pamh);
+ PAM_BAIL_P (return false);
+
+ if (isatty (0) && (cp = ttyname (0)) != NULL)
+ {
+ const char *tty;
+
+ if (strncmp (cp, "/dev/", 5) == 0)
+ tty = cp + 5;
+ else
+ tty = cp;
+ retval = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_BAIL_P (return false);
+ }
+#if 0 /* Manpage discourages use of getlogin. */
+ cp = getlogin ();
+ if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ()))
+#endif
+ lpw = getpwuid (getuid ());
+ if (lpw && lpw->pw_name)
+ {
+ retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
+ PAM_BAIL_P (return false);
+ }
+ retval = pam_authenticate (pamh, 0);
+ PAM_BAIL_P (return false);
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_NEW_AUTHTOK_REQD)
+ {
+ /* Password has expired. Offer option to change it. */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ PAM_BAIL_P (return false);
+ }
+ PAM_BAIL_P (return false);
+ /* Must be authenticated if this point was reached. */
+ return true;
+#else /* !USE_PAM */
char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */
- struct spwd *sp = getspnam (pw->pw_name);
+ const struct spwd *sp = getspnam (pw->pw_name);
endspent ();
if (sp)
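Review bot: The first PAM_BAIL_P in correct_password runs pam_end (pamh, retval) when pam_start itself failed, so pam_end is called on a handle that was never successfully initialised; handle the pam_start failure with a plain return false instead. On every bail-out path pamh is also left pointing at the ended handle, so resetting pamh to NULL inside the macro would keep any later call from reusing it. The final PAM_BAIL_P after the pam_chauthtok block is what checks the pam_acct_mgmt result, which is easy to misread as a duplicate of the one inside the braces; an explicit else branch or a short comment would make that clear. The #if 0 getlogin block is dead code and should be removed rather than carried along.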
@@ -232,6 +455,7 @@ correct_password (const struct passwd *pw)
encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted));
return STREQ (encrypted, correct);
+#endif /* !USE_PAM */
}
/* Update `environ' for the new shell based on PW, with SHELL being
@@ -274,19 +498,41 @@ modify_environment (const struct passwd *pw, const char *shell)
}
}
}
+
+#ifdef USE_PAM
+ export_pamenv ();
+#endif
}
/* Become the user and group(s) specified by PW. */
static void
-change_identity (const struct passwd *pw)
+init_groups (const struct passwd *pw)
{
#ifdef HAVE_INITGROUPS
errno = 0;
if (initgroups (pw->pw_name, pw->pw_gid) == -1)
- error (EXIT_CANCELED, errno, _("cannot set groups"));
+ {
+#ifdef USE_PAM
+ cleanup_pam (PAM_ABORT);
+#endif
+ error (EXIT_FAILURE, errno, _("cannot set groups"));
+ }
endgrent ();
#endif
+
+#ifdef USE_PAM
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ error (EXIT_FAILURE, 0, "%s", pam_strerror (pamh, retval));
+ else
+ _pam_cred_established = 1;
+#endif
+}
+
+static void
+change_identity (const struct passwd *pw)
+{
if (setgid (pw->pw_gid))
error (EXIT_CANCELED, errno, _("cannot set group id"));
if (setuid (pw->pw_uid))
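Review bot: When pam_setcred fails in init_groups the code calls error (EXIT_FAILURE, ...) directly, without the cleanup_pam (PAM_ABORT) that the initgroups failure path a few lines above performs, so the PAM transaction is never ended on that path. The exit status for "cannot set groups" also changes from EXIT_CANCELED to EXIT_FAILURE, for non-PAM builds too, while setgid and setuid in change_identity still use EXIT_CANCELED; keep one convention. The comment "Become the user and group(s) specified by PW" now sits above init_groups, and change_identity is left without a comment of its own.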
@@ -500,9 +746,21 @@ main (int argc, char **argv)
shell = NULL;
}
shell = xstrdup (shell ? shell : pw->pw_shell);
- modify_environment (pw, shell);
+
+ init_groups (pw);
+
+#ifdef USE_PAM
+ create_watching_parent ();
+ /* Now we're in the child. */
+#endif
change_identity (pw);
+
+ /* Set environment after pam_open_session, which may put KRB5CCNAME
+ into the pam_env, etc. */
+
+ modify_environment (pw, shell);
+
if (simulate_login && chdir (pw->pw_dir) != 0)
error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
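Review bot: Moving modify_environment after change_identity is unconditional, so non-PAM builds now also set up the environment after switching to the target uid and gid, although the new comment justifies the move only by pam_open_session. Either state the behaviour change for non-PAM builds in the ChangeLog and NEWS, or keep the old order under #ifndef USE_PAM. The same applies to the split of change_identity: init_groups now runs before the fork in PAM builds, which deserves a sentence in the commit message explaining why initgroups and pam_setcred must happen in the process that later becomes the watching parent.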
--
1.7.1
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 12:37:02 GMT)
Message #8 received at 7572 <at> debbugs.gnu.org:
Hi,
Are there any concerns with the patch? It would be really nice to
have this merged upstream to avoid further fragmentation.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 13:16:01 GMT)
Message #11 received at 7572 <at> debbugs.gnu.org:
Ludwig Nussel wrote:
> Are there any concerns with the patch? It would be really nice to
> have this merged upstream to avoid further fragmentation.
Hi Ludwig,
The main concern is that by default coreutils doesn't even build su anymore.
However, if this makes it easier on Fedora and Suse packagers, then
I suppose it's worthwhile.
If you'd like to pursue the matter, there are a few missing pieces:
- Ensure that "make syntax-check" still passes with this patch.
I see cpp indentation that may fail the test that runs cppi.
That test is run only when cppi is installed, so you may have
to install it.
- it will need a ChangeLog entry, including attribution if you can
dig that up.
- I haven't looked carefully, but considering the size, I'd be
surprised if there is no need to document changes -- in
coreutils.texi
- include a NEWS entry
- tests would be most welcome, but I won't insist on those
Jim
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 13:46:02 GMT)
Message #14 received at 7572 <at> debbugs.gnu.org:
Jim Meyering wrote:
> Ludwig Nussel wrote:
> > Are there any concerns with the patch? It would be really nice to
> > have this merged upstream to avoid further fragmentation.
>
> The main concern is that by default coreutils doesn't even build su anymore.
Does that mean you intend to drop su from coreutils? If so is there
any suggested alternative? Should we move su to e.g. util-linux
instead?
> However, if this makes it easier on Fedora and Suse packagers, then
> I suppose it's worthwhile.
>
> If you'd like to pursue the matter, there are a few missing pieces:
>
> - Ensure that "make syntax-check" still passes with this patch.
> I see cpp indentation that may fail the test that runs cppi.
> That test is run only when cppi is installed, so you may have
> to install it.
>
> - it will need a ChangeLog entry, including attribution if you can
> dig that up.
Ok, I'll check both.
> - I haven't looked carefully, but considering the size, I'd be
> surprised if there is no need to document changes -- in
> coreutils.texi
Yes. Our package actually has a separate patch that modifies the
docu. For upstream the pam support is optional though so any
addition to coreutils.texi would need to be conditional I suppose.
So we'd need e.g. a coreutils.texi.in that gets rewritten by
configure.
> - include a NEWS entry
ok
> - tests would be most welcome, but I won't insist on those
Hmm, I'm not sure that's feasible. Tests would need to run as
root and they'd likely have to modify /etc/pam.d.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 14:04:02 GMT)
Message #17 received at 7572 <at> debbugs.gnu.org:
Ludwig Nussel wrote:
> Jim Meyering wrote:
>> Ludwig Nussel wrote:
>> > Are there any concerns with the patch? It would be really nice to
>> > have this merged upstream to avoid further fragmentation.
>>
>> The main concern is that by default coreutils doesn't even build su anymore.
>
> Does that mean you intend to drop su from coreutils? If so is there
I would have dropped it long ago but for some distributions
for which the switch to e.g., util-linux was not an option.
> any suggested alternative? Should we move su to e.g. util-linux
> instead?
It's worth considering.
>> However, if this makes it easier on Fedora and Suse packagers, then
>> I suppose it's worthwhile.
>>
>> If you'd like to pursue the matter, there are a few missing pieces:
>>
>> - Ensure that "make syntax-check" still passes with this patch.
>> I see cpp indentation that may fail the test that runs cppi.
>> That test is run only when cppi is installed, so you may have
>> to install it.
>>
>> - it will need a ChangeLog entry, including attribution if you can
>> dig that up.
>
> Ok, I'll check both.
>
>> - I haven't looked carefully, but considering the size, I'd be
>> surprised if there is no need to document changes -- in
>> coreutils.texi
>
> Yes. Our package actually has a separate patch that modifies the
> docu. For upstream the pam support is optional though so any
> addition to coreutils.texi would need to be conditional I suppose.
> So we'd need e.g. a coreutils.texi.in that gets rewritten by
> configure.
Simpler is to start a paragraph/section with a few words saying that
some additional functionality is available when PAM support is enabled.
>> - include a NEWS entry
>
> ok
>
>> - tests would be most welcome, but I won't insist on those
>
> Hmm, I'm not sure that's feasible. Tests would need to run as
> root and they'd likely have to modify /etc/pam.d.
root-only tests are not a problem.
There are already quite a few. For examples,
see the scripts under tests/ that use "require_root_".
However, as you imply, if the only way to test is
by changing the likes of /etc/pam.d, then it's easy:
automated tests are not an option ;-)
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 14:30:03 GMT)
Message #20 received at 7572 <at> debbugs.gnu.org:
Jim Meyering wrote:
> Ludwig Nussel wrote:
> > Jim Meyering wrote:
> >> Ludwig Nussel wrote:
> >> > Are there any concerns with the patch? It would be really nice to
> >> > have this merged upstream to avoid further fragmentation.
> >>
> >> The main concern is that by default coreutils doesn't even build su anymore.
> >
> > Does that mean you intend to drop su from coreutils? If so is there
>
> I would have dropped it long ago but for some distributions
> for which the switch to e.g., util-linux was not an option.
Well, those who prefer a bit rotten su.c could still fetch one from
an old coreutils archive if it's dropped in newer versions :-)
> > any suggested alternative? Should we move su to e.g. util-linux
> > instead?
>
> It's worth considering.
Ok. I'll ask on the util-linux list then.
> [...]
> >> - tests would be most welcome, but I won't insist on those
> >
> > Hmm, I'm not sure that's feasible. Tests would need to run as
> > root and they'd likely have to modify /etc/pam.d.
>
> root-only tests are not a problem.
> There are already quite a few. For examples,
> see the scripts under tests/ that use "require_root_".
> However, as you imply, if the only way to test is
> by changing the likes of /etc/pam.d, then it's easy:
> automated tests are not an option ;-)
One needs to install two files there to tell pam which modules to
activate. If the system already has them from the distro there might
be a conflict due to different content.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 14:39:02 GMT)
Message #23 received at 7572 <at> debbugs.gnu.org:
Excerpts from Jim Meyering's message of Thu Jun 09 10:03:20 -0400 2011:
Hi Jim,
> > Does that mean you intend to drop su from coreutils? If so is there
>
> I would have dropped it long ago but for some distributions
> for which the switch to e.g., util-linux was not an option.
I would miss this greatly in the OpenCSW coreutils package for
Solaris. The su in coreutils is much nicer than the native one. :)
I'd understand if you dropped it, but I'll voice my preference
regardless.
Thanks
-Ben
--
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 14:41:01 GMT)
Message #26 received at 7572 <at> debbugs.gnu.org:
Jim Meyering wrote:
> Ludwig Nussel wrote:
>> Jim Meyering wrote:
>>> - tests would be most welcome, but I won't insist on those
>>
>> Hmm, I'm not sure that's feasible. Tests would need to run as
>> root and they'd likely have to modify /etc/pam.d.
>
> root-only tests are not a problem.
> There are already quite a few. For examples,
> see the scripts under tests/ that use "require_root_".
> However, as you imply, if the only way to test is
> by changing the likes of /etc/pam.d, then it's easy:
> automated tests are not an option ;-)
maybe in a temporary chroot (unless that's overkill)?
--
Have a nice day,
Berny
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Thu, 09 Jun 2011 15:04:03 GMT)
Message #29 received at 7572 <at> debbugs.gnu.org:
Ben Walton wrote:
> Excerpts from Jim Meyering's message of Thu Jun 09 10:03:20 -0400 2011:
>> > Does that mean you intend to drop su from coreutils? If so is there
>>
>> I would have dropped it long ago but for some distributions
>> for which the switch to e.g., util-linux was not an option.
>
> I would miss this greatly in the OpenCSW coreutils package for
> Solaris. The su in coreutils is much nicer than the native one. :)
> I'd understand if you dropped it, but I'll voice my preference
> regardless.
I don't plan to remove it.
The compromise I settled on 3.5 years ago was to do this:
* Noteworthy changes in release 6.9.90 (2007-12-01) [beta]
...
** Programs no longer installed by default
hostname, su
...
** New build options
By default, "make install" no longer attempts to install (or even build) su.
To change that, use ./configure --enable-install-program=su.
If you also want to install the new "arch" program, do this:
./configure --enable-install-program=arch,su.
You can inhibit the compilation and installation of selected programs
at configure time. For example, to avoid installing "hostname" and
"uptime", use ./configure --enable-no-install-program=hostname,uptime
Note: currently, "make check" passes, even when arch and su are not
built (that's the new default). However, if you inhibit the building
and installation of other programs, don't be surprised if some parts
of "make check" fail.
Information forwarded to owner <at> debbugs.gnu.org, bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Sat, 23 Jul 2011 12:20:02 GMT)
Message #32 received at 7572 <at> debbugs.gnu.org:
Ludwig Nussel wrote:
> Are there any concerns with the patch? It would be really nice to
> have this merged upstream to avoid further fragmentation.
If you now have a complete patch (including documentation, NEWS update
and a good ChangeLog), please post it.
Or, if you opted not to pursue this, please just close this issue
by Cc'ing 7572-done <at> debbugs.gnu.org with your reply.
Reply sent to Ludwig Nussel <ludwig.nussel <at> suse.de>: You have taken responsibility. (Tue, 29 May 2012 15:03:02 GMT)
Notification sent to Ludwig Nussel <ludwig.nussel <at> suse.de>: bug acknowledged by developer. (Tue, 29 May 2012 15:03:04 GMT)
Message #37 received at 7572-done <at> debbugs.gnu.org:
Hi,
A pam aware su has now been merged into util-linux. This issue can
therefore be closed.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Information forwarded to bug-coreutils <at> gnu.org: bug#7572; Package coreutils. (Tue, 29 May 2012 15:08:01 GMT)
Message #40 received at 7572 <at> debbugs.gnu.org:
Ludwig Nussel wrote:
> A pam aware su has now been merged into util-linux. This issue can
> therefore be closed.
Thanks for the follow-up.
I'll post a patch removing su from coreutils separately.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 27 Jun 2012 11:24:04 GMT)
This bug report was last modified 11 years and 278 days ago.