From: bugzilla at busybox.net <bugzilla@busybox.net>
To: buildroot@busybox.net
Subject: [Buildroot] [Bug 8536] Building sudo with PAM results in unusable sudo
Date: Fri, 18 Dec 2015 23:32:30 +0000 [thread overview]
Message-ID: <bug-8536-163-TwlWMK3XwW@https.bugs.busybox.net/> (raw)
In-Reply-To: <bug-8536-163@https.bugs.busybox.net/>
https://bugs.busybox.net/show_bug.cgi?id=8536
--- Comment #6 from James Knight <james.knight@rockwellcollins.com> ---
(In reply to Thomas Petazzoni from comment #2)
I am using Buildroot's provided /etc/pam.d/sudo file.
(In reply to nroach44 from comment #3)
Interesting.
Just took a gander at Fedora's (22) variant:
cat /etc/pam.d/sudo
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
(where system-auth file contains a boat load of more entries)
I guess Debian's PAM format varies from RedHat's PAM variant (although I
haven't really looked into it).
(In reply to Doug Kehn from comment #5)
Should Buildroot's sudo.pam work 'out of the box' with LDAP? I'm not against it
but just glancing at my own target, I do not have the pam_ldap.so module
installed.
(all)
While it might not fit all use cases, I believe the Buildroot-provided
/etc/pam.d/sudo file is generic enough for a standard setup; but, given the
woes that nroach44 is experiencing, it might be missing something.
@nroach44, in your sudo configuration you mentioned (comment #0) you have the
following:
%sudo ALL=(ALL) ALL
I assume you're trying to give the "sudo" group permission (instead of using
the wheel group). What happens when you try to alter the following file (see
[1]):
auth required pam_wheel.so use_uid group=sudo
I'm also curious if the root user can use sudo in your system (ie. I assume
`sudo echo a` is failing for your default user but does it also fail when
running under root)?
[1]: http://www.linux-pam.org/Linux-PAM-html/sag-pam_wheel.html
--
You are receiving this mail because:
You are on the CC list for the bug.
next prev parent reply other threads:[~2015-12-18 23:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-17 10:00 [Buildroot] [Bug 8536] New: Building sudo with PAM results in unusable sudo bugzilla at busybox.net
2015-12-17 10:52 ` Thomas Petazzoni
2015-12-17 14:07 ` rdkehn at yahoo.com
2015-12-17 16:43 ` [Buildroot] [Bug 8536] " bugzilla at busybox.net
2015-12-18 8:24 ` bugzilla at busybox.net
2015-12-18 12:00 ` bugzilla at busybox.net
2015-12-18 14:03 ` bugzilla at busybox.net
2015-12-18 14:10 ` bugzilla at busybox.net
2015-12-18 23:32 ` bugzilla at busybox.net [this message]
2015-12-19 1:53 ` bugzilla at busybox.net
2015-12-21 14:08 ` bugzilla at busybox.net
2016-10-22 21:15 ` bugzilla at busybox.net
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-8536-163-TwlWMK3XwW@https.bugs.busybox.net/ \
--to=bugzilla@busybox.net \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.