Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
trouble with su command in xterm [solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 3:03 pm    Post subject: trouble with su command in xterm [solved] Reply with quote

when i enter su in xterm and the password nothing happens until i press CTRL-C. it worked yesterday and teh password still works when loggin in as root from annother console. only the xterm refuses to work.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110


Last edited by dilandau on Sun Dec 05, 2004 7:36 pm; edited 1 time in total
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 4:42 pm    Post subject: Reply with quote

does it say anything into syslog? (/var/log/auth.log or /var/log/messages,...)
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 4:52 pm    Post subject: Reply with quote

interestingly i have neither of these two logfiles, though metalog is running.

in /valr/log/everything/current i found at last (when trying the su from xterm):

Dec 5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; REMOTEHOST
Dec 5 18:14:04 [PAM-env] Unknown PAM_ITEM: <XAUTHORITY>
Dec 5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Dec 5 18:14:04 [su(pam_unix)] session opened for user root by (uid=1000)
Dec 5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; REMOTEHOST
Dec 5 18:14:04 [PAM-env] Unknown PAM_ITEM: <XAUTHORITY>
Dec 5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; XAUTHORITY

after this time the su works. so if i wait teh two minutes, it works.

(login as root from console still works in instant time)
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 5:01 pm    Post subject: Reply with quote

yeah, exact locations depend on your setup.
so it has a delay of two minutes?
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 5:04 pm    Post subject: Reply with quote

i find these locations uncommon. is there an easy way to change them to a more "standard" (if such exists)?

yeah, su takes some time. i can switch console sometimes and display a long textfile on annother console until the prompt in the xterm is ready. it probably has to do domething with pam and xauthority. i never underdtood what that means.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 5:13 pm    Post subject: Reply with quote

dilandau wrote:
i find these locations uncommon. is there an easy way to change them to a more "standard" (if such exists)?

I'm using syslog-ng personally, but I'm sure metalog has some way of filtering/moving different facilities/importance into several files. consult it's docs :-)

Quote:

yeah, su takes some time. i can switch console sometimes and display a long textfile on annother console until the prompt in the xterm is ready. it probably has to do domething with pam and xauthority. i never underdtood what that means.

you can start with comparing /etc/pam.d/su with /etc/pam.d/login (maybe something else) and trying to temporarily comment-out the differences in su to see what feature is causing troubles.
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 5:22 pm    Post subject: Reply with quote

these two lines caused the problems:

#session required /lib/security/pam_env.so
#session optional /lib/security/pam_xauth.so

the first one took the most time, teh second only a notably one second.

how can i know what they are for and that my system still works as expectedwith those two lines removed? as i said, the su command worked right yesterday and i didnt change on the system. something else must be the reason.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110


Last edited by dilandau on Sun Dec 05, 2004 5:31 pm; edited 1 time in total
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 5:30 pm    Post subject: Reply with quote

dilandau wrote:
these two lines caused the problems:

#session required /lib/security/pam_env.so

have a look at /etc/security/pam_env.conf
Quote:

#session optional /lib/security/pam_xauth.so

this should be ok. uncomment it.
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 5:33 pm    Post subject: Reply with quote

not ok. the second line really makes the longest wait. you say it shouldnt...
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110


Last edited by dilandau on Sun Dec 05, 2004 5:41 pm; edited 2 times in total
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 5:39 pm    Post subject: Reply with quote

dilandau wrote:
not ok. the second line really makes the longest wait. you say it shouldnt...

Quote:
the first one took the most time, teh second only a notably one second.

I'm confused...
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 5:41 pm    Post subject: Reply with quote

i commented out two lines. both produce errors. teh first one produces a delay of two seconds, the second one produces a delay of ~30 seconds. the conf file looks ok. i added two times a seemingly missing "" after an = though that didnt change anything. maybe the "" were not needed at all to indicate an empty string. its just annoterh configuration script that sets some variables. expecially the xauthority variable and the display variable are the ones that appeared in the logfile. could there be something with the devices not right? i have no idea.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 5:54 pm    Post subject: Reply with quote

dilandau wrote:
i commented out two lines. both produce errors. teh first one produces a delay of two seconds, the second one produces a delay of ~30 seconds.

so pam_env delays for about 2 secs and pam_xauth for half a minute?

Quote:
the conf file looks ok. i added two times a seemingly missing "" after an = though that didnt change anything. maybe the "" were not needed at all to indicate an empty string. its just annoterh configuration script that sets some variables. expecially the xauthority variable and the display variable are the ones that appeared in the logfile. could there be something with the devices not right? i have no idea.

what "" are you talking about?
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 5:58 pm    Post subject: Reply with quote

you mentioned /etc/security/pam_env.conf

there was


REMOTEHOST DEFAULT= OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
DISPLAY DEFAULT="" OVERRIDE=${DISPLAY}
#
# Set the XAUTHORITY variable if pam_xauth is used
XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY}


and i changed it to

REMOTEHOST DEFAULT="" OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
DISPLAY DEFAULT="" OVERRIDE=${DISPLAY}
#
# Set the XAUTHORITY variable if pam_xauth is used
XAUTHORITY DEFAULT="" OVERRIDE=@{XAUTHORITY}


the problem is still there.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 6:08 pm    Post subject: Reply with quote

my is (after separation fo some comments):
Code:

# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
# Note: Rather set default to "", as DISPLAY=localhost:0.0 do not work
#       here at least.
REMOTEHOST      DEFAULT= OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
DISPLAY         DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
# Set the XAUTHORITY variable if pam_xauth is used
XAUTHORITY      DEFAULT= OVERRIDE=@{XAUTHORITY}
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 6:51 pm    Post subject: Reply with quote

i took your line. problem still present.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110
Back to top
View user's profile Send private message
jkt
Developer
Developer


Joined: 06 Feb 2004
Posts: 1249
Location: Prague, Czech republic, EU

PostPosted: Sun Dec 05, 2004 6:59 pm    Post subject: Reply with quote

weird :-(. `set`?
Back to top
View user's profile Send private message
dilandau
Guru
Guru


Joined: 24 May 2003
Posts: 485
Location: germany

PostPosted: Sun Dec 05, 2004 7:36 pm    Post subject: Reply with quote

solution:

some autologin hack (?) made the homedir of the user belonging to root. chown <username> /home/<username> repaired everything.
_________________
gentoo linux - amd duron stalebred 1600 - elsa gladiac 311 (nvidia) - elitegroup k7s5a (sis, lan) - 256mb ram - wintv pci fm - airstar2 dvb-t pci - ide cdwriter - hp psc 1110
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum