su configuration issues
A few issues and possible improvements around /etc/login.defs which I’ve encountered on Omnia:
First off, the comment in the /etc/login.defs file claims that if SU_WHEEL_ONLY is ‘"yes", the user must be listed as a member of the first gid 0 group in /etc/group to be able to "su" to uid 0 accounts.’ This is inaccurate. In reality, the user must be listed as a member of group
To verify this behaviour, create a new user, add them to group
yes and attempt to run su as the new user. A ‘You are not authorized to su root’ error message will be output. Now, remove the user from group ‘root’ and instead create a new group ‘wheel’ with the user as the only member. su will now work.
Second, the /etc/profile file sets
/usr directory takes priority over root. However,
ENV_PATH such that root directory takes priority over /usr. I’d suggest changing the latter to read:
ENV_SUPATH PATH=/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/bin:/bin
This is most noticeable when any of the coreutils-* packages are installed since they end up in /usr/bin and with PATH which prioritises /bin they are shadowed by BusyBox’s symlinks. While at it, changing /etc/profile so that sbin takes precedence over bin could also be a good thing to do, i.e.:
Lastly, how about setting
SHA512? Otherwise, when a new user is created, DES is used which can be broken probably in minutes.
Not sure if this should be reported here or in some upstream project.
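
The shadowing described in the post can be checked directly. The following is an added example, not part of the original post or of any Turris package: it reads the directory list that ENV_PATH or ENV_SUPATH sets in a login.defs-style file and lists every executable hidden by a same-named file in an earlier directory. The function names login_defs_path and shadowed are hypothetical, and the script assumes command names contain no tab characters.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of any package.

# login_defs_path FILE KEY: print the directory list that KEY (ENV_PATH or
# ENV_SUPATH) sets in a login.defs-style file, without the "PATH=" prefix.
login_defs_path() {
    awk -v key="$2" '$1 == key { v = $2 }
        END { sub(/^PATH=/, "", v); print v }' "$1"
}

# shadowed DIRLIST: walk a colon-separated search path in order and print
# "name<TAB>winner<TAB>shadowed" for every executable hidden by an earlier
# directory. Symlinks (such as BusyBox applets) count as executables.
shadowed() {
    seen=$(mktemp) || return 1
    old_ifs=$IFS; IFS=:
    set -- $1                      # split the list on ':' only
    IFS=$old_ifs
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            # First directory that provided this name, if any.
            winner=$(n="$name" awk -F'\t' \
                '$1 == ENVIRON["n"] { print $2; exit }' "$seen")
            if [ -n "$winner" ]; then
                printf '%s\t%s\t%s\n' "$name" "$winner" "$f"
            else
                printf '%s\t%s\n' "$name" "$f" >> "$seen"
            fi
        done
    done
    rm -f "$seen"
}

# Usage on the router:
#   shadowed "$(login_defs_path /etc/login.defs ENV_PATH)"
```

An empty result means no command in that search path is hidden by an earlier directory.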