View previous topic :: View next topic |
Author |
Message |
Pergamon Tux's lil' helper
Joined: 01 Feb 2004 Posts: 117
|
Posted: Tue Nov 16, 2004 12:48 pm Post subject: Can't su. wheel ok, kernel ok, perms ok, [solved] |
|
|
Trying to su as a user 'myuser' who is in group wheel fails with
Code: | su: Authentication failure.
Sorry. |
I did extensive search, but found no answer.
ls -l /bin/su:
Code: | -rws--x--x 1 root root 24380 Nov 16 13:59 /bin/su |
/etc/group:
Code: | wheel::10:root,myuser
audio::18:myuser
games::35:myuser
users::100:games,myuser |
/etc/passwd:
Code: | myuser:x:1000:100::/home/myuser:/bin/bash |
The system is up-to-date ~x86 and the kernel (2.6.9) contains PTYs:
Code: | CONFIG_SERIAL_CORE=y
CONFIG_UNIX98_PTYS=y
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=256 |
I followed the recommendation in Problems with PAM, and commented out DISPLAY, REMOTEHOST and XAUTHORITY in /etc/security/pam_env.conf.
/var/log/messages shows:
Code: | Nov 16 14:43:16 mycomp unix_chkpwd[28540]: check pass; user unknown
Nov 16 14:43:16 mycomp su(pam_unix)[28539]: authentication failure; logname=LOGIN uid=1000 euid=1000 tty=tty2 ruser=myuser rhost= user=root
Nov 16 14:43:18 mycomp su[28539]: pam_authenticate: Authentication failure
|
I did re-emerge PAM PAM-LOGIN and SHADOW, no effect.
Any clues?
Last edited by Pergamon on Wed Nov 17, 2004 7:15 pm; edited 3 times in total |
|
Back to top |
|
|
timezone n00b
Joined: 07 Sep 2004 Posts: 31 Location: IA
|
Posted: Tue Nov 16, 2004 2:13 pm Post subject: |
|
|
What does your /etc/securetty look like?
that file "...lists ttys from which root can log in."
Make sure you didnt miss this step:
Quote: | If you want root to be able to log on through the serial console, add tts/0 to /etc/securetty:
Code Listing 23: Adding tts/0 to /etc/securetty
# echo "tts/0" >> /etc/securetty |
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=8 |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Tue Nov 16, 2004 2:33 pm Post subject: |
|
|
/etc/securetty shouldn't affect su. Logging in via console isn't the same as su. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
Pergamon Tux's lil' helper
Joined: 01 Feb 2004 Posts: 117
|
Posted: Tue Nov 16, 2004 2:52 pm Post subject: |
|
|
Quote: | What does your /etc/securetty look like?
that file "...lists ttys from which root can log in."
Make sure you didnt miss this step:
Quote: | If you want root to be able to log on through the serial console, add tts/0 to /etc/securetty:
Code Listing 23: Adding tts/0 to /etc/securetty
# echo "tts/0" >> /etc/securetty |
|
My /etc/securetty already contained this:
This does not seem to be the problem... |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Tue Nov 16, 2004 3:00 pm Post subject: Re: Can't su. wheel ok, kernel ok, perms ok, why? |
|
|
Did this happen suddenly, or is this a new install, etc., etc.? If it was working on an 'older' install, can you think of anything you've done recently?
Pergamon wrote: | The system is up-to-date ~x86 | I'm wondering if using stable packages would make a difference. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
Pergamon Tux's lil' helper
Joined: 01 Feb 2004 Posts: 117
|
Posted: Tue Nov 16, 2004 3:13 pm Post subject: Re: Can't su. wheel ok, kernel ok, perms ok, why? |
|
|
This happened on a new install. I started to install Gentoo on my Laptop with XP as second OS on it. The install got interrupted some weeks ago (without ever booting into the installation) and yesterday I continued the installation restarting after phase 1 bootstrap. I did however quite some changes to USE flags during installation. This might have messed up things? Currently, I am doing an "emerge -e world" to make sure everything fits together. But I fear that the inability to 'su' is caused by some misconfigured configuration file and will not be solved by re-emerging. |
|
Back to top |
|
|
Pergamon Tux's lil' helper
Joined: 01 Feb 2004 Posts: 117
|
Posted: Wed Nov 17, 2004 12:20 pm Post subject: Re: Can't su. wheel ok, kernel ok, perms ok, why? |
|
|
Now I have completely rebuild my entire gentoo system - but the error remains. The user 'myuser' still cannot 'su'. If someone has suggestions how to further trace this down, that would be great! |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Wed Nov 17, 2004 4:07 pm Post subject: |
|
|
Did you compile grsecurity into the kernel? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
Pergamon Tux's lil' helper
Joined: 01 Feb 2004 Posts: 117
|
Posted: Wed Nov 17, 2004 6:35 pm Post subject: |
|
|
pjp wrote: | Did you compile grsecurity into the kernel? |
None of the security options is included in the kernel. |
|
Back to top |
|
|
Pergamon Tux's lil' helper
Joined: 01 Feb 2004 Posts: 117
|
Posted: Wed Nov 17, 2004 7:22 pm Post subject: Problem solved! |
|
|
The root file system was mounted with options "users,exec" in fstab. This seems to be another way to break su
Code: | /dev/hda1 / ext3 users,exec 0 0 |
I just removed those options (which were introduced by copying an fstab auto-created by a knoppix boot cd) and: su works again!
Code: | /dev/hda1 / ext3 noatime 0 0 |
Thanks everybody for the help along the way! |
|
Back to top |
|
|
|