util-linux su requires PAM

[thesamesam]

Hi,

It looks like util-linux's implementation of su requires PAM. This doesn't personally bother me but in Gentoo, at present, we allow building systems without PAM. shadow's su, however, does support standalone usage.

I wonder if it'd be possible to keep shadow's su on life-support (but deprecated) for those who don't want to/can't use PAM?

[hallyn]

Thanks for pointing that out. That may be a good enough reason to keep it.

[arachsys]

FWIW, I'd be a bit stuffed without su from shadow for the same reason: I maintain a distro which doesn't use PAM, so the util-linux su refuses to build.

[hallyn]

Thanks for the input @arachsys .

[hallyn]

I'm not sure where to best announce this - but we won't drop su unless and until there is an alternative. My goal is to minimize community effort spent on redundant complex software, but I feel shadow has a responsibility to non-standard distros here.

I will however encourage those who can to switch to util-linux's su. Most already had.

[arachsys]

Thanks, this is very much appreciated. As far as I know, shadow's implementation really is the only chfn/chsh/login/su option for people who (for example) have a statically-linked variant build of their distro which can't dlopen pam modules.

Are there any outstanding problems or design concerns with the current shadow su that you'd like someone to step up and fix? I'm happy to work on these if so.

[thesamesam]

I'm not sure where to best announce this - but we won't drop su unless and until there is an alternative. My goal is to minimize community effort spent on redundant complex software, but I feel shadow has a responsibility to non-standard distros here.

I reckon mention it in the next release notes like for the initial deprecation notice. Thank you for your careful/responsible position here.

I will however encourage those who can to switch to util-linux's su. Most already had.

We've now switched Gentoo by default, FWIW, but will be keeping shadow's su available of course.

[firasuke]

Any updates to this? Has shadow dropped su?

Also should distributions be switching to use the util-linux version of su (which requires PAM)? What if PAM is non-existent on said distributions, which version of su can be used?