debops / debops-tools

Your Debian-based data center in a box
https://debops.org/
GNU General Public License v3.0

su doesn't require password #110

Closed Zorlin closed 9 years ago

Zorlin commented 9 years ago

Hi there,

From an admin/sudo user, if you type "su" and hit enter it drops you straight into a root shell.

Feature or bug?

Zorlin commented 9 years ago

By design, from what tobijb and I could ascertain.

https://github.com/debops/ansible-auth/blob/master/templates/etc/pam.d/su.j2#L22

drybjed commented 9 years ago

It's by design but using some more PAM-based security (Yubikey? SSH agent?) could be added in the future. Root password is randomized so kind of hard to use su with it.