su's "authentication failure" error should help users discover sudo

Bug #667509 reported by Evan Broder
This bug affects 3 people
Affects Status Importance Assigned to Milestone
shadow (Ubuntu)

Bug Description

At UDS today, Michael Terry and Adam Fourney of UWaterloo gave a talk about discovering usability holes in Ubuntu through search query mining.

One specific example they raised was that of getting root access, which in general is queried for very frequently. One specific example of a usability hole was su, whose output in a default configuration is less than helpful:

mingo:~ evan$ su
Password: [type my password]
su: Authentication failure
mingo:~ evan$

You can verify that this is a real pain point by going to Google, typing "ubuntu su " and looking at Google Suggest's autocompletions (which include "ubuntu su password" and "ubuntu su authentication failure").

While this obviously will not solve the problem of discovering root access entirely, it seems like we could assist those users by having su's authentication failure output reference sudo.

In the interests of not polluting the su binary itself, this could be usefully incorporated into the default /etc/pam.d/su file, using pam_echo (and pam_succeed_if) to display the message.

I'm not sure exactly what that message should be, or what the conditions should be for displaying the message (probably either that /usr/bin/sudo exists, or maybe that the user is in the admin group).
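One way the /etc/pam.d/su change proposed above could be written, shown as an added example that is not part of the original report or of Ubuntu's shipped configuration. It assumes the auth section is written inline with plain pam_unix rather than pulled in through an include, that the hint text lives in a hypothetical file /etc/su-sudo-hint, and that "member of the admin group" is the chosen condition.

```conf
# /etc/pam.d/su  (auth section only; added example, not the distribution's file)
#
# Assumed contents of the hypothetical message file /etc/su-sudo-hint:
#   Your own password does not work with su. To run a command as root,
#   use "sudo <command>" instead.

# root may su without a password
auth  sufficient                          pam_rootok.so

# Password check. On success, jump over the three hint/deny lines below and
# land on pam_permit. Any other result falls through to the hint logic.
auth  [success=3 default=ignore]          pam_unix.so

# Reached only after a failed password check.
# use_uid makes pam_succeed_if test the account that invoked su (the real
# UID of the process) instead of the target account (normally root).
# If the caller is in group "admin", continue to the hint; otherwise skip it.
auth  [success=ignore default=1]          pam_succeed_if.so quiet use_uid user ingroup admin

# Print the hint through the PAM conversation function. "optional" keeps its
# result from affecting the outcome of the stack.
auth  optional                            pam_echo.so file=/etc/su-sudo-hint

# Authentication failed: stop here and report failure to su.
auth  requisite                           pam_deny.so

# Target of the success jump: gives the stack a positive result.
auth  required                            pam_permit.so
```

The hint is shown only on the failure path and only to callers who are in the admin group, and the outcome of authentication is unchanged: a wrong password still ends at pam_deny. Keep a second root shell open while testing any edit to this file, since a mistake in the auth stack can break su for every user.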

Phillip Susi (psusi) wrote :

How about setting up a default alias for su to man root_sudo?

Colin Watson (cjwatson) wrote : Re: [Bug 667509] Re: su's "authentication failure" error should help users discover sudo

No, quite a few people still intentionally use su and we shouldn't be
erecting more and more irritating barriers in their way even if they
have workarounds. Changing the error message sounds like a better idea.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status: New → Confirmed