Mageia forum

[magfan]

On our mga5 workstation we have a user (not root) who can become another user (except root) without being asked for a password just by typing "su [username]". How can this be? And even more important: How can this be changed?

[doktor5000]

Please provide at least the output of

Code: Select all

id

for that user and the contents of /etc/pam.d/su of that system.

[magfan]

Code: Select all

$ id
uid=1002(spm) gid=100(users) Gruppen=100(users),1001(nas),1002(spm)
$ cat /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            include         system-auth
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         optional        pam_xauth.so
$

[doktor5000]

And you su to one of the users in the "users" group?

[magfan]

Yes. User "spm" can su to any user in the users group without being asked for a password.

[magfan]

Once every user changed or just re-entered his/her own password the problem was gone.