Bug#235804: gksu: problem with pam_wheel.so trust group=adm

Gustavo Noronha Silva <kov@debian.org>, 235804@bugs.debian.org
Wed, 14 Apr 2004 20:57:00 -0300


On Wed, 2004-04-14 at 13:18 -0400, Edward J. Shornock wrote:

> If pam_wheel.so trust is set for a group, I don't think a user should be
> prompted for the root password (as is currently the case with gksu).  So
> I do have the problem Vinicius had reported as well.  Should I have sent
> in two separate reports?  (I want to do this the proper way).

If you have two distinct problems, sure =)...

> I am only prompted for the password by gksu once.  Without the
> "pam_wheel.so trust group=adm" line, the gksu helper process continues
> as it should.  With that trust line, it should not prompt for the root
> password (and I was prompted for it), but in addition to being prompted
> for the password, gksu-run-helper does not appear to continue.

Ok, let me try to explain how gksu works:

gksu spawns a new process and runs gksu-run-helper there, which then
sends a message to gksu saying it is ready to receive the password
and runs su.

On receiving that message gksu sends the password to su. So, if I
understand pam_wheel correctly, gksu-run-helper should accomplish its
mission even if you 'cancel' the password dialog (which is a bug, too).

I have to check if I need authorization before asking for the password,
and I'll have to find a way that takes pam into account. For now, let's
try to clear this up. Would you make this test for me?:

* make su work without a password using pam_wheel
* run gksu and cancel the dialog

Also, I want to know if you're hitting a problem which is totally
unrelated to pam_wheel: I've seen gksu be unable to send the password to
su sometimes by trying to do that too soon (you know, su has a delay for
accepting the password). Maybe you're hitting that problem? In that case
you'll have gksu and su processes running with nothing happening.

Thanks for your testing and information =)


-- 
Gustavo Noronha [http://people.debian.org/~kov/]
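
Added example, not part of the original message and not gksu's code: a conservative audit heuristic that reads an su PAM auth stack and reports which groups a `pam_wheel.so trust` rule lets through without a password, which is the condition under which the thread expects no prompt. The sample stack, the function names and the list of non-prompting modules are assumptions made for illustration.

```python
# Constructed sample of an su PAM stack; not taken from the bug report.
SAMPLE_SU_STACK = """\
auth     sufficient  pam_rootok.so
auth     sufficient  pam_wheel.so trust group=adm
auth     required    pam_unix.so
account  required    pam_unix.so
"""

# Assumption: modules that never ask the user for a password.
NON_PROMPTING = {"pam_rootok.so", "pam_wheel.so"}


def parse_pam_line(line):
    """Return (type, control, module, args) for a pam.d rule, else None."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3 or fields[0].startswith("@"):
        return None  # blank line, comment, or @include directive
    if fields[1].startswith("["):  # bracketed control such as [success=1 default=ignore]
        end = next((i for i, f in enumerate(fields) if f.endswith("]")), None)
        if end is None or end + 1 >= len(fields):
            return None
        control, rest = " ".join(fields[1:end + 1]), fields[end + 1:]
    else:
        control, rest = fields[1], fields[2:]
    return fields[0].lstrip("-"), control, rest[0].rsplit("/", 1)[-1], rest[1:]


def passwordless_groups(stack_text):
    """Groups trusted by pam_wheel before any module that may prompt."""
    groups = []
    for raw in stack_text.splitlines():
        rule = parse_pam_line(raw)
        if rule is None or rule[0] != "auth":
            continue
        _, control, module, args = rule
        if (module == "pam_wheel.so" and control == "sufficient"
                and "trust" in args and "deny" not in args):
            named = [a.split("=", 1)[1] for a in args if a.startswith("group=")]
            groups.append(named[-1] if named else "wheel")
        elif module not in NON_PROMPTING:
            break  # an earlier module may already have asked for a password
    return groups


def needs_password_prompt(stack_text, user_groups):
    """True unless one of the user's groups is trusted by the stack."""
    return not (set(passwordless_groups(stack_text)) & set(user_groups))
```

The heuristic only recognises the plain `sufficient` control and stops at the first module it does not know to be silent, so it under-reports rather than over-reports trusted groups.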