From: bugzilla at busybox.net <bugzilla@busybox.net>
To: buildroot@busybox.net
Subject: [Buildroot] [Bug 8536] Building sudo with PAM results in unusable sudo
Date: Sat, 22 Oct 2016 21:15:36 +0000 [thread overview]
Message-ID: <bug-8536-163-A1Q0WgFj4N@https.bugs.busybox.net/> (raw)
In-Reply-To: <bug-8536-163@https.bugs.busybox.net/>
https://bugs.busybox.net/show_bug.cgi?id=8536
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #9 from Thomas Petazzoni <thomas.petazzoni@free-electrons.com> ---
This is just a configuration problem, and not a bug in Buildroot.
The default /etc/sudoers file in Buildroot only contains:
root ALL=(ALL) ALL
And you have decided to enable in addition:
%sudo ALL=(ALL) ALL
to allow users of the sudo group to be able to execute commands as root using
sudo.
However, when you enable PAM, we install the following default /etc/pam.d/sudo:
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid
auth required pam_env.so
auth required pam_unix.so nullok
account required pam_unix.so
password required pam_unix.so nullok
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
The second line, that uses the pam_wheel.so is the one that restricts switching
to the root account to users members of the "wheel" group. If you want to allow
members of the sudo group to switch to root, you need to change it to:
auth required pam_wheel.so use_uid group=sudo
I've tested, and it just works fine.
But of course, whether you enable sudo for users that are part of the wheel
group, or part of the sudo group is only related to *your* customization of
/etc/sudoers.
So there's nothing wrong in Buildroot's current setup. If you had uncommented
the line in /etc/sudoers that allow users part of the wheel group to use sudo,
you wouldn't have seen this problem.
Therefore, I don't consider this as a bug, but simply as a system customization
issue.
--
You are receiving this mail because:
You are on the CC list for the bug.
prev parent reply other threads:[~2016-10-22 21:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-17 10:00 [Buildroot] [Bug 8536] New: Building sudo with PAM results in unusable sudo bugzilla at busybox.net
2015-12-17 10:52 ` Thomas Petazzoni
2015-12-17 14:07 ` rdkehn at yahoo.com
2015-12-17 16:43 ` [Buildroot] [Bug 8536] " bugzilla at busybox.net
2015-12-18 8:24 ` bugzilla at busybox.net
2015-12-18 12:00 ` bugzilla at busybox.net
2015-12-18 14:03 ` bugzilla at busybox.net
2015-12-18 14:10 ` bugzilla at busybox.net
2015-12-18 23:32 ` bugzilla at busybox.net
2015-12-19 1:53 ` bugzilla at busybox.net
2015-12-21 14:08 ` bugzilla at busybox.net
2016-10-22 21:15 ` bugzilla at busybox.net [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-8536-163-A1Q0WgFj4N@https.bugs.busybox.net/ \
--to=bugzilla@busybox.net \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox