[Bug 667509] Re: su's "authentication failure" error should help users discover sudo

[Launchpad Bug Tracker]

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: shadow (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/667509

Title:
  su's "authentication failure" error should help users discover sudo

Status in “shadow” package in Ubuntu:
  Confirmed

Bug description:
  At UDS today, Michael Terry and Adam Fourney of UWaterloo gave a talk
  about discovering usability holes in Ubuntu through search query
  mining.

  One specific example they raised was that of getting root access,
  which in general is queried for very frequently. One specific example
  of a usability hole was su, whose output in a default configuration is
  less than helpful:

  mingo:~ evan$ su
  Password: [type my password]
  su: Authentication failure
  mingo:~ evan$ 

  You can verify that this is a real pain point by going to Google,
  typing "ubuntu su " and looking at Google Suggest's autocompletions
  (which include "ubuntu su password" and "ubuntu su authentication
  failure").

  While this obviously will not solve the problem of discovering root
  access entirely, it seems like we could assist those users by having
  su's authentication failure output reference sudo.

  In the interests of not polluting the su binary itself, this could be
  usefully incorporated into the default /etc/pam.d/su file, using
  pam_echo (and pam_succeed_if) to display the message.

  I'm not sure exactly what that message should be, or what the
  conditions should be for displaying the message (probably either that
  /usr/bin/sudo exists, or maybe that the user is in the admin group).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/667509/+subscriptions