Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

util-linux su requires PAM #464

Open
thesamesam opened this issue Dec 20, 2021 · 7 comments
Open

util-linux su requires PAM #464

thesamesam opened this issue Dec 20, 2021 · 7 comments

Comments

@thesamesam
Copy link
Contributor

thesamesam commented Dec 20, 2021
edited

Hi,

It looks like util-linux's implementation of su requires PAM. This doesn't personally bother me but in Gentoo, at present, we allow building systems without PAM. shadow's su, however, does support standalone usage.

I wonder if it'd be possible to keep shadow's su on life-support (but deprecated) for those who don't want to/can't use PAM?
gentoo-bot pushed a commit to gentoo/gentoo that referenced this issue Dec 20, 2021
@thesamesam
sys-apps/util-linux: su requires PAM
fe07c3e 
Right now, util-linux su requires PAM -- shadow's doesn't.

Bug: shadow-maint/shadow#464
Closes: https://bugs.gentoo.org/622666
Signed-off-by: Sam James <sam@gentoo.org>
@hallyn
Copy link
Member

hallyn commented Dec 20, 2021

Thanks for pointing that out. That may be a good enough reason to keep it.

@arachsys
Copy link

FWIW, I'd be a bit stuffed without su from shadow for the same reason: I maintain a distro which doesn't use PAM, so the util-linux su refuses to build.

@hallyn
Copy link
Member

hallyn commented Dec 27, 2021

Thanks for the input @arachsys .

@hallyn
Copy link
Member

hallyn commented Jan 6, 2022

I'm not sure where to best announce this - but we won't drop su unless and until there is an alternative. My goal is to minimize community effort spent on redundant complex software, but I feel shadow has a responsibility to non-standard distros here.

I will however encourage those who can to switch to util-linux's su. Most already had.

@arachsys
Copy link

arachsys commented Jan 6, 2022

Thanks, this is very much appreciated. As far as I know, shadow's implementation really is the only chfn/chsh/login/su option for people who (for example) have a statically-linked variant build of their distro which can't dlopen pam modules.

Are there any outstanding problems or design concerns with the current shadow su that you'd like someone to step up and fix? I'm happy to work on these if so.

@thesamesam
Copy link
Contributor Author

I'm not sure where to best announce this - but we won't drop su unless and until there is an alternative. My goal is to minimize community effort spent on redundant complex software, but I feel shadow has a responsibility to non-standard distros here.

I reckon mention it in the next release notes like for the initial deprecation notice. Thank you for your careful/responsible position here.

I will however encourage those who can to switch to util-linux's su. Most already had.

We've now switched Gentoo by default, FWIW, but will be keeping shadow's su available of course.

@firasuke
Copy link

Any updates to this? Has shadow dropped su?

Also should distributions be switching to use the util-linux version of su (which requires PAM)? What if PAM is non-existent on said distributions, which version of su can be used?

@berney berney mentioned this issue Sep 11, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@arachsys @hallyn @thesamesam @firasuke