Gentoo Forums
Can't su. wheel ok, kernel ok, perms ok, [solved]

Pergamon
Posted: Tue Nov 16, 2004 12:48 pm    Post subject: Can't su. wheel ok, kernel ok, perms ok, [solved]

Trying to su as a user 'myuser' who is in group wheel fails with
Code:
su: Authentication failure.
Sorry.

I did an extensive search, but found no answer.

ls -l /bin/su:
Code:
-rws--x--x  1 root root 24380 Nov 16 13:59 /bin/su

/etc/group:
Code:
wheel::10:root,myuser
audio::18:myuser
games::35:myuser
users::100:games,myuser

/etc/passwd:
Code:
myuser:x:1000:100::/home/myuser:/bin/bash

The system is up-to-date ~x86 and the kernel (2.6.9) contains PTYs:
Code:
CONFIG_SERIAL_CORE=y
CONFIG_UNIX98_PTYS=y
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=256

I followed the recommendation in Problems with PAM, and commented out DISPLAY, REMOTEHOST and XAUTHORITY in /etc/security/pam_env.conf.

/var/log/messages shows:
Code:
Nov 16 14:43:16 mycomp unix_chkpwd[28540]: check pass; user unknown
Nov 16 14:43:16 mycomp su(pam_unix)[28539]: authentication failure; logname=LOGIN uid=1000 euid=1000 tty=tty2 ruser=myuser rhost=  user=root
Nov 16 14:43:18 mycomp su[28539]: pam_authenticate: Authentication failure

I did re-emerge PAM PAM-LOGIN and SHADOW, no effect.

Any clues?


Last edited by Pergamon on Wed Nov 17, 2004 7:15 pm; edited 3 times in total

timezone
Posted: Tue Nov 16, 2004 2:13 pm

What does your /etc/securetty look like?
That file "...lists ttys from which root can log in."

Make sure you didn't miss this step:

Quote:
If you want root to be able to log on through the serial console, add tts/0 to /etc/securetty:

Code Listing 23: Adding tts/0 to /etc/securetty
# echo "tts/0" >> /etc/securetty


http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=8

pjp
Posted: Tue Nov 16, 2004 2:33 pm

/etc/securetty shouldn't affect su. Logging in via console isn't the same as su.
_________________
Quis separabit? Quo animo?

Pergamon
Posted: Tue Nov 16, 2004 2:52 pm

Quote:
What does your /etc/securetty look like?
That file "...lists ttys from which root can log in."

Make sure you didn't miss this step:

Quote:
If you want root to be able to log on through the serial console, add tts/0 to /etc/securetty:

Code Listing 23: Adding tts/0 to /etc/securetty
# echo "tts/0" >> /etc/securetty


My /etc/securetty already contained this:
Code:

...
tts/0
ttyS0

This does not seem to be the problem...

pjp
Posted: Tue Nov 16, 2004 3:00 pm    Post subject: Re: Can't su. wheel ok, kernel ok, perms ok, why?

Did this happen suddenly, or is this a new install, etc., etc.? If it was working on an 'older' install, can you think of anything you've done recently?
Pergamon wrote:
The system is up-to-date ~x86
I'm wondering if using stable packages would make a difference.

Pergamon
Posted: Tue Nov 16, 2004 3:13 pm    Post subject: Re: Can't su. wheel ok, kernel ok, perms ok, why?

This happened on a new install. I started to install Gentoo on my laptop with XP as second OS on it. The install got interrupted some weeks ago (without ever booting into the installation) and yesterday I continued the installation, restarting after phase 1 bootstrap. I did, however, make quite a few changes to USE flags during installation. This might have messed up things? Currently, I am doing an "emerge -e world" to make sure everything fits together. But I fear that the inability to 'su' is caused by some misconfigured configuration file and will not be solved by re-emerging.

Pergamon
Posted: Wed Nov 17, 2004 12:20 pm    Post subject: Re: Can't su. wheel ok, kernel ok, perms ok, why?

Now I have completely rebuilt my entire Gentoo system - but the error remains. The user 'myuser' still cannot 'su'. If someone has suggestions on how to further trace this down, that would be great!

pjp
Posted: Wed Nov 17, 2004 4:07 pm

Did you compile grsecurity into the kernel?

Pergamon
Posted: Wed Nov 17, 2004 6:35 pm

pjp wrote:
Did you compile grsecurity into the kernel?

None of the security options is included in the kernel.

Pergamon
Posted: Wed Nov 17, 2004 7:22 pm    Post subject: Problem solved!

The root file system was mounted with options "users,exec" in fstab. This seems to be another way to break su :-)
Code:
/dev/hda1               /               ext3            users,exec         0 0

I just removed those options (which were introduced by copying an fstab auto-created by a Knoppix boot CD) and: su works again!
Code:
/dev/hda1               /               ext3            noatime         0 0


Thanks everybody for the help along the way!
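
Why "users,exec" breaks su, as an added example that is not part of the original thread: per mount(8), "users" implies noexec,nosuid,nodev and the trailing "exec" cancels only noexec, so the set-user-ID bit on /bin/su is ignored, which matches the euid=1000 in the log above. The function names and the removable-media line are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Per mount(8), "user"/"users" imply
# noexec,nosuid,nodev and "owner"/"group" imply nosuid,nodev unless a LATER
# option overrides them. "users,exec" re-enables exec only, so suid stays off.

# effective_suid OPTS -> prints "suid" or "nosuid" for a comma-separated list.
effective_suid() {
    state=suid                      # kernel default when nothing is said
    old_ifs=$IFS; IFS=,
    for opt in $1; do               # options are applied left to right
        case $opt in
            nosuid|user|users|owner|group) state=nosuid ;;
            suid|defaults)                 state=suid ;;
        esac
    done
    IFS=$old_ifs
    echo "$state"
}

# nosuid_mounts: read fstab-format text on stdin, print each mount point
# whose effective options disable set-user-ID binaries.
nosuid_mounts() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$(effective_suid "$opts")" = nosuid ] && echo "$mnt"
    done
    return 0
}

# Constructed sample: the two root entries from the final post, plus a
# typical removable-media line.
sample_fstab() {
cat <<'EOF'
# <fs>      <mountpoint>  <type>   <opts>          <dump/pass>
/dev/hda1   /             ext3     users,exec      0 0
/dev/hda1   /             ext3     noatime         0 0
/dev/cdrom  /mnt/cdrom    iso9660  noauto,user,ro  0 0
EOF
}

sample_fstab | nosuid_mounts
```

On a running system, `findmnt -no OPTIONS -T /bin/su` prints the options actually in effect for the filesystem holding the binary.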
All times are GMT