On Sat, Dec 11, 2021 at 09:16:04AM +0100, Marc Haber wrote:
is this still reproducible in current unstable?
no (logs edited for brevity):
=== su ====
(to root) ossi on pts/13
pam_xauth(su:session): requesting user 1000/100, target user 0/0
pam_xauth(su:session): reading keys from `/home/ossi/.Xauthority'
pam_xauth(su:session): running "/usr/bin/xauth -f /home/ossi/.Xauthority nlist
:0" as 1000/100
pam_xauth(su:session): writing key `blabla' to temporary file
`/root/.xauthlSdyO1'
pam_xauth(su:session): running "/usr/bin/xauth -f /root/.xauthlSdyO1 nmerge -"
as 0/0
=== sudo ===
ossi : TTY=pts/13 ; PWD=/root ; USER=root ; COMMAND=/bin/bash
pam_unix(sudo:session): session opened for user root(uid=0) by ossi(uid=1000)
pam_xauth(sudo:session): requesting user 1000/100, target user 0/0
pam_xauth(sudo:session): reading keys from `/home/ossi/.Xauthority'
pam_xauth(sudo:session): running "/usr/bin/xauth -f /home/ossi/.Xauthority nlist
:0" as 1000/0
pam_xauth(sudo:session): writing key `blabla' to temporary file
`/root/.xauthUuD5Vi'
pam_xauth(sudo:session): running "/usr/bin/xauth -f /root/.xauthUuD5Vi nmerge
-" as 0/0
note that there is still a difference in the gid used for the 1st xauth
call for some reason, but that doesn't impact function.
How would I obtain that debug output?
add "debug" to the pam_xauth.so line, as is shown in the followup
messages to this report, and as you could have found out yourself by
searching for "linux pam enable debug output". ;-)
p.s.: it seems pointless to include both nnn-submitter@ and the actual
submitter in the 'to' list.
