Gentoo Forums
su fail: Cannot execute /bin/bash: Permission denied
m27315
Apprentice


Joined: 10 Dec 2004
Posts: 234
Location: 2 workstations down

Posted: Wed Dec 29, 2004 4:48 am    Post subject: su fail: Cannot execute /bin/bash: Permission denied

Whenever I log in as root and try to su to a regular user, I get the following error:

Code:
[root@mymachine]$ su myuser
Cannot execute /bin/bash: Permission denied

If I try to log in as this user from the primary console, I get:

Code:
mymachine login: myuser
Password:
login(pam_unix)[7908]: session opened for user myuser by (uid=0)
No directory /home/myuser
login(pam_unix[7908]: session closed for user myuser

I used to be able to log in using this user id (BTW, I tried creating a new user - that didn't help). The directory /home/myuser does indeed exist, and I can see it as root. The owner:group are set to myuser:users for the home directory.

I think it is something wrong with my /etc/fstab, because of the login error, "No directory /home/myuser". However, after trying several variations in the /etc/fstab options for root, /home, and /www, I have all but given up. Here's my /etc/fstab:

Code:
cat /etc/fstab | grep -v '#'

/dev/hda1       /boot           ext2            noauto,noatime                  1 2
/dev/hdb6       /               reiserfs        noatime,user,exec,suid          0 0
/dev/hdb7       /home           ext3            noatime,user,exec               0 0
/dev/hdb8       swap            swap            sw,pri=1                        0 0
/dev/hdb9       /www            reiserfs        noatime,user,exec               0 0

/dev/cdroms/cdrom0      /mnt/cdrom0     auto            noauto,user             0 0
/dev/cdroms/cdrom       /mnt/cdrom      auto            noauto,user             0 0
/dev/fd0                /mnt/floppy     auto            noauto,user             0 0
none                    /proc           proc            defaults                0 0
none                    /dev/shm        tmpfs           defaults                0 0

I have tried many other things related to su fails per other posts in the Gentoo forum, which are documented here:

I have emerged the latest versions of pam and shadow:

Code:
sys-apps/shadow-4.0.6
sys-libs/pam-0.77-r4

Per this post http://forums.gentoo.org/viewtopic.php?t=13934 and bug report http://bugs.gentoo.org/show_bug.cgi?id=56129, all my permissions seem to be correct for files related to the shadow suid bug:

Code:
ls -l $(cat /var/db/pkg/sys-apps/shadow-4.0.6/CONTENTS | grep /bin/ | awk '{print $2}')
-rwxr-xr-x  1 root root  6372 Dec 28 22:22 /bin/groups
-rwsr-xr-x  1 root root 28640 Dec 28 22:22 /bin/passwd
-rwsr-xr-x  1 root root 24532 Dec 28 22:22 /bin/su
-rwsr-xr-x  1 root root 37664 Dec 28 22:22 /usr/bin/chage
-rwsr-xr-x  1 root root 29608 Dec 28 22:22 /usr/bin/chfn
-rwsr-xr-x  1 root root 29684 Dec 28 22:22 /usr/bin/chsh
-rwsr-xr-x  1 root root 17824 Dec 28 22:22 /usr/bin/expiry
-rwxr-xr-x  1 root root  7952 Dec 28 22:22 /usr/bin/faillog
-rwsr-xr-x  1 root root 37216 Dec 28 22:22 /usr/bin/gpasswd
-rwxr-xr-x  1 root root  6308 Dec 28 22:22 /usr/bin/lastlog
-rwsr-xr-x  1 root root 24352 Dec 28 22:22 /usr/bin/newgrp
lrwxrwxrwx  1 root root    11 Dec 28 22:22 /usr/bin/passwd -> /bin/passwd
lrwxrwxrwx  1 root root     6 Dec 28 22:22 /usr/bin/sg -> newgrp

I commented out the lines in my /etc/pam.conf file, per this post: http://forums.gentoo.org/viewtopic.php?t=249744

Code:
#REMOTEHOST     DEFAULT= OVERRIDE=@{PAM_RHOST}
#DISPLAY                DEFAULT= OVERRIDE=@{DISPLAY}
#XAUTHORITY     DEFAULT= OVERRIDE=@{XAUTHORITY}


I disabled the need for users to be in the wheel group, per this post http://forums.gentoo.org/viewtopic.php?t=246959:

Code:
#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts.  If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
SU_WHEEL_ONLY   no

Finally, I tried to duplicate the pam functionality, per the tail of this post http://forums.gentoo.org/viewtopic.php?t=246959, by setting up this config file:

Code:
echo "ALL:ALL EXCEPT GROUP wheel:DENY" > /etc/suauth

I think something is wrong with fstab, but I haven't been able to figure it out. Since I am trying to set up a web-server, any additional advice related to customizing /etc/fstab for apache2 would be greatly appreciated.

(BTW, I did reboot several times during this week-long process.)
pjp
Administrator


Joined: 16 Apr 2002
Posts: 16113
Location: Colorado

Posted: Wed Dec 29, 2004 6:43 am    Post subject:

Maybe this thread can help.
_________________
lolgov. 'cause where we're going, you don't have civil liberties.

In Loving Memory
1787 - 2008
m27315
Apprentice


Joined: 10 Dec 2004
Posts: 234
Location: 2 workstations down

Posted: Thu Dec 30, 2004 12:36 am    Post subject:

That was the problem! Thanks, pjp!!!

For everybody else:

I had performed the following steps to update my system:

Code:
# emerge --update --deep --newuse world
# emerge --depclean
# revdep-rebuild


and when I finished, the permissions on my root directory looked like:

Code:
drwxr-x---  25 root   root  592 Dec 29 18:26 .


I also emerged a few other applications, but updating the entire box was the cause noted in the above-mentioned post.

After adding read and execute access to the root directory, everything worked great!

Code:
chmod a+rx /


This fixed the "403 Permission denied" error that Apache was giving me too!

Thanks!!!
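
Added example (not part of the original thread): su, login and Apache all failed here because a user needs the search (x) bit on every directory leading to /bin/bash, /home/myuser or the web root, starting with / itself. The sketch below walks a path and prints the first directory that lacks the world search bit; it looks only at the "other" permission bits, so it applies to users who are neither the directory's owner nor in its group, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find the first directory on the way to a file that users
# outside its owner and group cannot traverse (no o+x bit).

# other_x DIR: succeeds if DIR has the world search bit, i.e. column 10 of
# the "ls -ld" mode string is 'x' or 't' (sticky plus execute).
other_x() {
    case "$(ls -ldL "$1" | cut -c10)" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# first_blocked TARGET [START]
# Walks from START (default /) down to TARGET, checking every directory on
# the way (and TARGET itself if it is a directory). Prints the first one
# without o+x and returns 1; returns 0 if none is found.
first_blocked() {
    cur=${2:-/}
    rest=${1#"$cur"}      # part of TARGET below START
    rest=${rest#/}
    while :; do
        if [ -d "$cur" ] && ! other_x "$cur"; then
            printf '%s\n' "$cur"
            return 1
        fi
        [ -n "$rest" ] || return 0
        cur=${cur%/}/${rest%%/*}          # descend one component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# With "/" at drwxr-x--- as in the thread, this prints "/".
first_blocked "${1:-/bin/bash}" || echo "^ not searchable by other users" >&2
```

On a system with util-linux installed, namei -l /bin/bash shows the same chain of directory permissions in one listing.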