We run using LDAP for the bulk of our authentication. I tried your test
and got a zero return code for both:

rockhopper:~ # su suseftp -c id
uid=1002(suseftp) gid=100(users) groups=14(uucp),16(dialout),17(audio),33(video),100(users)
rockhopper:~ # echo $?
0
rockhopper:~ # su rpn01 -c id
uid=42312(rpn01) gid=5037(rpn01) groups=4(nssunix),100(users),500(mail),2501(nssldap),5036(nssprintmgr),5037(rpn01),5146(focapp),5147(rrisapp),5148(ecapp),5149(retroapp),5150(bsc),5151(prptng)
rockhopper:~ # echo $?
0
rockhopper:~ # 


-- 
 .~.    Robert P. Nix           Mayo Foundation
 /V\    RO-OC-1-13              200 First Street SW
/( )\   507-284-0844            Rochester, MN 55905
^^-^^   -----
        "In theory, theory and practice are the same, but
         in practice, theory and practice are different."


-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Marcy Cortes
Sent: Tuesday, October 10, 2006 2:24 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Odd problem with SU command

Running Sles9x, SP3.

We have sw installed that authenticates users against Active Directory
using pam.d stuff (Vintela VAS).  Those users don't have to be in
/etc/passwd at all.

In trying to install db2, we needed to create a local userid.  Fine, no
problem, this is supported.

But the su command returns rc 1 if the user is local and rc 0 if the
user is VAS.   This makes the db2icrt script fail.

Was wondering if someone out there who is also using an off-server
authentication method could check and see if it fails for them too?

From root:
        su (localuser) -c id
        echo $?
        su (non-localuser) -c id
        echo $?

Return code 1 is supposed to mean su failed, but su doesn't fail - we do
get the results of the command properly.

The RH Intel Linux servers don't have this problem and removing the VAS
calls from /etc/pam.d/su didn't seem to make a difference either.

We're reporting it to support, but was hoping to narrow it down to whose
support :)


Marcy Cortes


"This message may contain confidential and/or privileged information.
If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein.  If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation."

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
