Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Can't su - password rejected
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
handsomepete
Guru
Guru


Joined: 21 Apr 2002
Posts: 548
Location: Kansas City, MO

PostPosted: Sun Apr 28, 2002 2:34 pm    Post subject: Can't su - password rejected Reply with quote

I may have missed this in past topics, but I'll ask anyways. For some reason I can't su to any user. Every time I try, even when I know the password is right, it still rejects the password. What controls this function? Does anyone know why this would happen? I know I could just become good friends with sudo, but I prefer the convenience of being able to su and exit out when I'm done. This is the only thing that's driving me nuts on my install. Any help would be appreciated.
Back to top
View user's profile Send private message
kavel
n00b
n00b


Joined: 21 Apr 2002
Posts: 20
Location: Hillsboro, OR

PostPosted: Sun Apr 28, 2002 2:49 pm    Post subject: Reply with quote

Is the user you're trying to su from in wheel group? If not, you cannot use su.

Kavel
Back to top
View user's profile Send private message
ProGuy
n00b
n00b


Joined: 14 Apr 2002
Posts: 17
Location: Denmark

PostPosted: Sun Apr 28, 2002 2:58 pm    Post subject: Reply with quote

su is controlled by PAM, and many setups prevents common users from su'ing. Only users being part of the wheel or root group may use su (it all depends on the setup). In the Gentoo setup, I beleive it's the wheel group.

This behavour is setup in /etc/pam.d/su. It's the line:

auth required /lib/security/pam_wheel.so use_uid

(or something similar)

So, you can do this multiple ways, one of them is to comment that line out (not recommended). And another way would be, to add all the users that need to be able to su to the wheel group (this is the suggested behavour).
_________________
//ProGuy
Back to top
View user's profile Send private message
chemical
n00b
n00b


Joined: 10 Apr 2002
Posts: 29
Location: San Diego, CA

PostPosted: Sun Apr 28, 2002 3:44 pm    Post subject: Reply with quote

I had that exact same problem when i first installed gentoo. Then i just added my user to the wheel group and everything worked fine
Back to top
View user's profile Send private message
handsomepete
Guru
Guru


Joined: 21 Apr 2002
Posts: 548
Location: Kansas City, MO

PostPosted: Sun Apr 28, 2002 4:34 pm    Post subject: Reply with quote

Ah, great. Thanks a lot. I guess it's just another one of those things that you take for granted when you have a preconfigured distro... :)
Back to top
View user's profile Send private message
Smeedy
n00b
n00b


Joined: 28 Apr 2002
Posts: 6
Location: Deventer, the Netherlands

PostPosted: Mon Apr 29, 2002 1:02 pm    Post subject: su wheel NIS Reply with quote

So how do I solve this one. When I log in to the gentoo machine, the user are verified to the YPserver. And even though I put a user in a wheel (same Id) group in the NISdomain, I still cannot su when I log in.

Sme
_________________
--
31.69 nHz = once a year
Back to top
View user's profile Send private message
ProGuy
n00b
n00b


Joined: 14 Apr 2002
Posts: 17
Location: Denmark

PostPosted: Thu May 02, 2002 11:57 am    Post subject: Reply with quote

Well, actually every good preconfigured distro, should have a setup much like it.
I think it's pretty important for security, only to allow a limited number of users to su.

But well, that's just me :)
_________________
//ProGuy
Back to top
View user's profile Send private message
Jeevz
Bodhisattva
Bodhisattva


Joined: 15 Apr 2002
Posts: 195
Location: Boston, MA

PostPosted: Thu May 02, 2002 1:35 pm    Post subject: Reply with quote

ProGuy wrote:
Well, actually every good preconfigured distro, should have a setup much like it.
I think it's pretty important for security, only to allow a limited number of users to su.

But well, that's just me :)


I agree. I think it is a good idea for other distros to adopt this same behavior.
Back to top
View user's profile Send private message
Smeedy
n00b
n00b


Joined: 28 Apr 2002
Posts: 6
Location: Deventer, the Netherlands

PostPosted: Tue May 14, 2002 9:59 pm    Post subject: Re: su wheel NIS Reply with quote

Smeedy wrote:
So how do I solve this one. When I log in to the gentoo machine, the user are verified to the YPserver. And even though I put a user in a wheel (same Id) group in the NISdomain, I still cannot su when I log in.


-begin shame-
'Solved' it. Edit local groupfile using vigr and add NISusers for appropriate groups.
-end shame-

sme
_________________
--
31.69 nHz = once a year
Back to top
View user's profile Send private message
Guest






PostPosted: Sat May 25, 2002 4:44 pm    Post subject: Well... I _still_ cant su Reply with quote

Well... My day-to-day user is in the 'wheel' group, and still:

Code:

$ su -
Password:
su: Authentication failure
Sorry.


I have checked my /etc/pam.d/su file time and time again, and not found anything wrong with it. Here it is:

Code:

#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so


And it just freaks me out! 8O I have absolutely no idea why su doesn't work. It used to! To have a root session these days, I use 'ssh root@localhost'. Oh, how I miss those beautiful days of olde, when su worked for me.

(First post on the forum - I apologize for any mistakes)
Back to top
otulp
n00b
n00b


Joined: 22 Apr 2002
Posts: 31
Location: Norway

PostPosted: Sun May 26, 2002 3:33 am    Post subject: Reply with quote

(That was me in the previous post - didn't notice that I was logged out :oops: )

After updating to sys-apps/shadow-4.0.2 and sys-apps/pam-login-3.6 things kind of fixed themselves. At least, I guess that was what fixed my problem.

Well. I'm happy. Still have no idea why things didn't work before, though.
Back to top
View user's profile Send private message
TheWart
Guru
Guru


Joined: 10 May 2002
Posts: 432
Location: Nashville,TN - USA

PostPosted: Sun May 26, 2002 3:56 am    Post subject: Reply with quote

not to criticize (as I have asked nooby questions/still do), but there should be a link to the FAQ on the top of the forums, as this root question comes up about every week, and the answer is in the faq.
_________________
Face it, we are all noobs.

On the box it said it was designed for Win XP or better, so why won't it work with Linux?
Back to top
View user's profile Send private message
MochaJunkie
n00b
n00b


Joined: 22 Nov 2002
Posts: 13

PostPosted: Fri Nov 22, 2002 10:16 pm    Post subject: more SU problems Reply with quote

I am having the same problem as one of the guys here. I did the old 'emerge -u system ' on my gentoo 1.4 system. It still works but I can't for the life of me su. I get the

permisssion denied.
Sorry.

message. :x I used to be able to do it. I am still in the wheel group too. So i found this thread and saw the person who emerged shadow and pam-login and was working again!! I tried it and still not working so I treid to emerge pam itself. Still no luck. Does anyone else have a suggestion before I re=install the whole system :roll:

thanks
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Fri Nov 22, 2002 10:20 pm    Post subject: Reply with quote

MochaJunkie, have a look at A1.1 of Why can't I su to root?.
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
riceboy50
n00b
n00b


Joined: 12 Nov 2002
Posts: 48
Location: Southern CA

PostPosted: Tue Nov 26, 2002 1:16 am    Post subject: Reply with quote

Another easy way to get into su without having to add users to the wheel group is to skip to the next unused terminal screen (press alt + 1,2,3,etc. ) to change back and forth. There are several available and you can login using "root" and the su password. I agree with everyone else that it's just a good idea to add a limited number of users to wheel group for ease of switching.
_________________
I am logged on therefore I am...
Back to top
View user's profile Send private message
viduliya
n00b
n00b


Joined: 05 Nov 2003
Posts: 29
Location: Ottawa CANADA

PostPosted: Tue Sep 21, 2004 5:01 pm    Post subject: Thanks my /bin/su did not have the sticky bit. Reply with quote

rac wrote:
MochaJunkie, have a look at A1.1 of Why can't I su to root?.


all it took was:
Code:
chmod 4755 /bin/su


Your linke helped a lot. I can "su" happily now. :) Thank you.
_________________
There are exactly 10 kinds of people in the world those who understand binary and those who don't.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum