Hello,
I am seeing some disparity between (two distributions granted) CentOS 6.6 and Fedora22 in their use of the su utility. I cannot figure out the cause, so I cannot fix it.
In CentOS there is no way to script login to root... this is of course a desirable trait. for instance, [ user@localhost user ]$ su root <<EOF
password echo "" id EOF
standard in must be a tty
However, Fedora22 allows this action... where is the file which I must edit to enable this security setting? { (^-^) user /home/user } su root <<EOF
password echo "" id EOF
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Thanks for the help in advance.
Scott
On 08/18/15 15:09, Scott Mattan wrote:
I am seeing some disparity between (two distributions granted) CentOS 6.6 and Fedora22 in their use of the su utility. I cannot figure out the cause, so I cannot fix it.
In CentOS there is no way to script login to root... this is of course a desirable trait. for instance, [ user@localhost user ]$ su root <<EOF
password echo "" id EOF
standard in must be a tty
However, Fedora22 allows this action... where is the file which I must edit to enable this security setting? { (^-^) user /home/user } su root <<EOF
password echo "" id EOF
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Thanks for the help in advance.
My first thought is to check for differences between /etc/pam.d/su on each OS.
On Tue, Aug 18, 2015 at 2:09 AM, Scott Mattan s-mattan@niscom.co.jp wrote:
Hello,
I am seeing some disparity between (two distributions granted) CentOS 6.6 and Fedora22 in their use of the su utility. I cannot figure out the cause, so I cannot fix it.
In CentOS there is no way to script login to root... this is of course a desirable trait. for instance, [ user@localhost user ]$ su root <<EOF
password echo "" id EOF
standard in must be a tty
$ (sleep 1; echo password) | python -c "import pty; pty.spawn(['/bin/su','-c','id']);"
Some programs require stdin on a tty, su has gone back and forth on it. It really doesn't stop anything.
John
Hi,
I recently came up with this 'issue' (not really an issue in fact, please read along) when I configured a Webmin panel on a CentOS 6.7 instance we use at work.
Thing is that the sudo tool provides a configuration flag to deny a command execution if it's not being invoked from a console. Originally this was thought as an additional security layer but ultimately proved to be more a nuisance than anything else and that's why Red Hat decided to switch it off by default on newer releases starting with RHEL 7 (I don't know starting at which Fedora release though).
To disable this check launch visudo, look for "Defaults requiretty" and comment the line. I believe that you can accomplish the same by adding the entry to a file in /etc/sudo.d/ but I didn't test it myself.
HTH
On Wed, Aug 19, 2015 at 1:31 AM inode0 inode0@gmail.com wrote:
On Tue, Aug 18, 2015 at 2:09 AM, Scott Mattan s-mattan@niscom.co.jp wrote:
Hello,
I am seeing some disparity between (two distributions granted) CentOS 6.6 and Fedora22 in their use of the su utility. I cannot figure out the
cause,
so I cannot fix it.
In CentOS there is no way to script login to root... this is of course a desirable trait. for instance, [ user@localhost user ]$ su root <<EOF
password echo "" id EOF
standard in must be a tty
$ (sleep 1; echo password) | python -c "import pty; pty.spawn(['/bin/su','-c','id']);"
Some programs require stdin on a tty, su has gone back and forth on it. It really doesn't stop anything.
John
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
-
Ed Greshko -
inode0 -
Martin Cigorraga -
Scott Mattan