su / shadow & /etc/suauth

John Harrigan jfharrigan at
Thu Jan 4 06:20:05 PST 2007

* Dan Nicholson <dbn.lists at>:
> On 1/2/07, Julien Lecomte <julien at> wrote:
> >
> > I can't get 'su' and '/etc/suauth' to work correctly on my 6.2 LFS
> > system. My system is up and running correctly apart from this minor problem.
> >
> > When I 'su', it doesn't seem that '/etc/suauth' is used. For example, my
> > /etc/suauth (root:root, 600) only contains
> > root:ALL EXCEPT GROUP wheel:DENY
> I've never tried using suauth, but I just looked at the source, and it
> is only enabled if you're using PAM. BLFS has support for building
> shadow against PAM and/or cracklib. Read the warnings, though. You
> don't want to get into a situation where you can't log in to your
> system.

I don't have PAM or cracklib installed but /etc/suauth still appears
to function correctly.  One thing I ran into in the past was that it
seems su from coreutils does not check /etc/suauth (I didn't spend
a lot of time investigating so that might be inaccurate).  I ran
into the problem messing around with the package user hint and not
accounting for the two different versions of su.  Once I made sure
I was using shadow's su, /etc/suauth worked as expected.

More information about the lfs-support mailing list