View previous topic :: View next topic |
Author |
Message |
handsomepete Guru
Joined: 21 Apr 2002 Posts: 548 Location: Kansas City, MO
|
Posted: Sun Apr 28, 2002 2:34 pm Post subject: Can't su - password rejected |
|
|
I may have missed this in past topics, but I'll ask anyways. For some reason I can't su to any user. Every time I try, even when I know the password is right, it still rejects the password. What controls this function? Does anyone know why this would happen? I know I could just become good friends with sudo, but I prefer the convenience of being able to su and exit out when I'm done. This is the only thing that's driving me nuts on my install. Any help would be appreciated. |
|
Back to top |
|
|
kavel n00b
Joined: 21 Apr 2002 Posts: 20 Location: Hillsboro, OR
|
Posted: Sun Apr 28, 2002 2:49 pm Post subject: |
|
|
Is the user you're trying to su from in wheel group? If not, you cannot use su.
Kavel |
|
Back to top |
|
|
ProGuy n00b
Joined: 14 Apr 2002 Posts: 17 Location: Denmark
|
Posted: Sun Apr 28, 2002 2:58 pm Post subject: |
|
|
su is controlled by PAM, and many setups prevents common users from su'ing. Only users being part of the wheel or root group may use su (it all depends on the setup). In the Gentoo setup, I beleive it's the wheel group.
This behavour is setup in /etc/pam.d/su. It's the line:
auth required /lib/security/pam_wheel.so use_uid
(or something similar)
So, you can do this multiple ways, one of them is to comment that line out (not recommended). And another way would be, to add all the users that need to be able to su to the wheel group (this is the suggested behavour). _________________ //ProGuy |
|
Back to top |
|
|
chemical n00b
Joined: 10 Apr 2002 Posts: 29 Location: San Diego, CA
|
Posted: Sun Apr 28, 2002 3:44 pm Post subject: |
|
|
I had that exact same problem when i first installed gentoo. Then i just added my user to the wheel group and everything worked fine |
|
Back to top |
|
|
handsomepete Guru
Joined: 21 Apr 2002 Posts: 548 Location: Kansas City, MO
|
Posted: Sun Apr 28, 2002 4:34 pm Post subject: |
|
|
Ah, great. Thanks a lot. I guess it's just another one of those things that you take for granted when you have a preconfigured distro... |
|
Back to top |
|
|
Smeedy n00b
Joined: 28 Apr 2002 Posts: 6 Location: Deventer, the Netherlands
|
Posted: Mon Apr 29, 2002 1:02 pm Post subject: su wheel NIS |
|
|
So how do I solve this one. When I log in to the gentoo machine, the user are verified to the YPserver. And even though I put a user in a wheel (same Id) group in the NISdomain, I still cannot su when I log in.
Sme _________________ --
31.69 nHz = once a year |
|
Back to top |
|
|
ProGuy n00b
Joined: 14 Apr 2002 Posts: 17 Location: Denmark
|
Posted: Thu May 02, 2002 11:57 am Post subject: |
|
|
Well, actually every good preconfigured distro, should have a setup much like it.
I think it's pretty important for security, only to allow a limited number of users to su.
But well, that's just me _________________ //ProGuy |
|
Back to top |
|
|
Jeevz Bodhisattva
Joined: 15 Apr 2002 Posts: 195 Location: Boston, MA
|
Posted: Thu May 02, 2002 1:35 pm Post subject: |
|
|
ProGuy wrote: | Well, actually every good preconfigured distro, should have a setup much like it.
I think it's pretty important for security, only to allow a limited number of users to su.
But well, that's just me |
I agree. I think it is a good idea for other distros to adopt this same behavior. |
|
Back to top |
|
|
Smeedy n00b
Joined: 28 Apr 2002 Posts: 6 Location: Deventer, the Netherlands
|
Posted: Tue May 14, 2002 9:59 pm Post subject: Re: su wheel NIS |
|
|
Smeedy wrote: | So how do I solve this one. When I log in to the gentoo machine, the user are verified to the YPserver. And even though I put a user in a wheel (same Id) group in the NISdomain, I still cannot su when I log in.
|
-begin shame-
'Solved' it. Edit local groupfile using vigr and add NISusers for appropriate groups.
-end shame-
sme _________________ --
31.69 nHz = once a year |
|
Back to top |
|
|
Guest
|
Posted: Sat May 25, 2002 4:44 pm Post subject: Well... I _still_ cant su |
|
|
Well... My day-to-day user is in the 'wheel' group, and still:
Code: |
$ su -
Password:
su: Authentication failure
Sorry.
|
I have checked my /etc/pam.d/su file time and time again, and not found anything wrong with it. Here it is:
Code: |
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so
|
And it just freaks me out! I have absolutely no idea why su doesn't work. It used to! To have a root session these days, I use 'ssh root@localhost'. Oh, how I miss those beautiful days of olde, when su worked for me.
(First post on the forum - I apologize for any mistakes) |
|
Back to top |
|
|
otulp n00b
Joined: 22 Apr 2002 Posts: 31 Location: Norway
|
Posted: Sun May 26, 2002 3:33 am Post subject: |
|
|
(That was me in the previous post - didn't notice that I was logged out )
After updating to sys-apps/shadow-4.0.2 and sys-apps/pam-login-3.6 things kind of fixed themselves. At least, I guess that was what fixed my problem.
Well. I'm happy. Still have no idea why things didn't work before, though. |
|
Back to top |
|
|
TheWart Guru
Joined: 10 May 2002 Posts: 432 Location: Nashville,TN - USA
|
Posted: Sun May 26, 2002 3:56 am Post subject: |
|
|
not to criticize (as I have asked nooby questions/still do), but there should be a link to the FAQ on the top of the forums, as this root question comes up about every week, and the answer is in the faq. _________________ Face it, we are all noobs.
On the box it said it was designed for Win XP or better, so why won't it work with Linux? |
|
Back to top |
|
|
MochaJunkie n00b
Joined: 22 Nov 2002 Posts: 13
|
Posted: Fri Nov 22, 2002 10:16 pm Post subject: more SU problems |
|
|
I am having the same problem as one of the guys here. I did the old 'emerge -u system ' on my gentoo 1.4 system. It still works but I can't for the life of me su. I get the
permisssion denied.
Sorry.
message. I used to be able to do it. I am still in the wheel group too. So i found this thread and saw the person who emerged shadow and pam-login and was working again!! I tried it and still not working so I treid to emerge pam itself. Still no luck. Does anyone else have a suggestion before I re=install the whole system
thanks |
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Fri Nov 22, 2002 10:20 pm Post subject: |
|
|
MochaJunkie, have a look at A1.1 of Why can't I su to root?. _________________ For every higher wall, there is a taller ladder |
|
Back to top |
|
|
riceboy50 n00b
Joined: 12 Nov 2002 Posts: 48 Location: Southern CA
|
Posted: Tue Nov 26, 2002 1:16 am Post subject: |
|
|
Another easy way to get into su without having to add users to the wheel group is to skip to the next unused terminal screen (press alt + 1,2,3,etc. ) to change back and forth. There are several available and you can login using "root" and the su password. I agree with everyone else that it's just a good idea to add a limited number of users to wheel group for ease of switching. _________________ I am logged on therefore I am... |
|
Back to top |
|
|
viduliya n00b
Joined: 05 Nov 2003 Posts: 29 Location: Ottawa CANADA
|
Posted: Tue Sep 21, 2004 5:01 pm Post subject: Thanks my /bin/su did not have the sticky bit. |
|
|
all it took was:
Your linke helped a lot. I can "su" happily now. Thank you. _________________ There are exactly 10 kinds of people in the world those who understand binary and those who don't. |
|
Back to top |
|
|
|