su's "authentication failure" error should help users discover sudo
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| shadow (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
At UDS today, Michael Terry and Adam Fourney of UWaterloo gave a talk about discovering usability holes in Ubuntu through search query mining.
One specific example they raised was that of getting root access, which in general is queried for very frequently. One specific example of a usability hole was su, whose output in a default configuration is less than helpful:
mingo:~ evan$ su
Password: [type my password]
su: Authentication failure
mingo:~ evan$
You can verify that this is a real pain point by going to Google, typing "ubuntu su " and looking at Google Suggest's autocompletions (which include "ubuntu su password" and "ubuntu su authentication failure").
While this obviously will not solve the problem of discovering root access entirely, it seems like we could assist those users by having su's authentication failure output reference sudo.
In the interests of not polluting the su binary itself, this could be usefully incorporated into the default /etc/pam.d/su file, using pam_echo (and pam_succeed_if) to display the message.
I'm not sure exactly what that message should be, or what the conditions should be for displaying the message (probably either that /usr/bin/sudo exists, or maybe that the user is in the admin group).
How about setting up a default alias for su to man root_sudo?