Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
belong to wheel group, but can't su to root.
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
lolita_daydream
n00b
n00b


Joined: 23 Sep 2002
Posts: 5

PostPosted: Mon Sep 23, 2002 12:43 am    Post subject: belong to wheel group, but can't su to root. Reply with quote

greetings.
as the subject line says, i can't su to root, even though i belong to the wheel group. i checked /etc/group, and it confirms this.
any help would be greatly appreciated.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20067

PostPosted: Mon Sep 23, 2002 12:59 am    Post subject: Reply with quote

Have you logged out since the user was added to the group? Does running 'groups' verify membership?
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Mon Sep 23, 2002 1:32 am    Post subject: Reply with quote

"newgrp -" should be sufficient if you don't want to log out.
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20067

PostPosted: Mon Sep 23, 2002 1:34 am    Post subject: Reply with quote

I thought there was an easier way, just couldn't recall what it was.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
lolita_daydream
n00b
n00b


Joined: 23 Sep 2002
Posts: 5

PostPosted: Mon Sep 23, 2002 3:32 am    Post subject: Reply with quote

Quote:
Have you logged out since the user was added to the group?


i've done so many times. this has been a problem for about a week now, since i reinstalled to upgrade to gentoo 1.4

i'm presently running as root fulltime.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20067

PostPosted: Mon Sep 23, 2002 3:44 am    Post subject: Reply with quote

What is in /etc/suauth and /etc/pam.d/su?
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Mon Sep 23, 2002 4:01 am    Post subject: Reply with quote

...and what does su give you as a reason for failure? Can root su to ordinary users?
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
mikegr
n00b
n00b


Joined: 20 Aug 2002
Posts: 11
Location: Linz, Austria

PostPosted: Mon Sep 23, 2002 8:36 pm    Post subject: Reply with quote

I have the same problem, I got the message:
su: Authentication failure

I can login as the user and as root. The user is in the wheel group. I can sudo without password, but cannot when a password is required.(Uncomment the line in /etc/sudoers)

I 've no /etc/suauth and the /etc/pam.d/su looks like this:

#%PAM-1.0

auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth

account required /lib/security/pam_stack.so service=system-auth

password required /lib/security/pam_stack.so service=system-auth

session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so


Maybe this information helps someone, getting an answer.
Back to top
View user's profile Send private message
lolita_daydream
n00b
n00b


Joined: 23 Sep 2002
Posts: 5

PostPosted: Mon Sep 23, 2002 10:35 pm    Post subject: Reply with quote

its the same for me as for mikegr, above.

my su also fails with the message:
su: Authentication failure

i have no /etc/suauth either, and my /etc/pam.d/su is exactly the same.
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Mon Sep 23, 2002 11:12 pm    Post subject: Reply with quote

Attention! The following question may be extremely stupid. Reading this question may cause you to laugh at the questioner, or get angry with them for insulting your intelligence. You have been warned. :P

People having problems: are you typing your user's password at the Password: prompt instead of root's password?
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
Logik
n00b
n00b


Joined: 15 Aug 2002
Posts: 9
Location: Michigan

PostPosted: Mon Sep 23, 2002 11:54 pm    Post subject: Reply with quote

Quote:

People having problems: are you typing your user's password at the Password: prompt instead of root's password?


LOL, that is hilarious... i am almost willing to bet that's the problem too.. clever... for some reason i would've never thought about that...
_________________
Kyle
Back to top
View user's profile Send private message
lolita_daydream
n00b
n00b


Joined: 23 Sep 2002
Posts: 5

PostPosted: Tue Sep 24, 2002 3:27 am    Post subject: Reply with quote

Quote:
People having problems: are you typing your user's password at the Password: prompt instead of root's password?


that is funny.
and, no im not.
Back to top
View user's profile Send private message
McManus
Apprentice
Apprentice


Joined: 10 Apr 2002
Posts: 176
Location: Austin, TX

PostPosted: Tue Sep 24, 2002 4:49 am    Post subject: Reply with quote

I guessed it might have been an issue with pam, so I re-emerged with -march=athlon-mp -O2 -pipe but still no go. What is the dealy-o?

(and ha, I _wish_ it was as simple as typing in the wrong password; I actually checked to make sure I was typing it in correctly :) )
_________________
McManus
----
Linux user #267375 - http://counter.li.org
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Tue Sep 24, 2002 5:29 am    Post subject: Reply with quote

Anybody affected have permissions on /var/run/utmp that are different from 664 root.utmp? Also, does anybody have grsecurity (or any other security-related things) enabled in their kernels?
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
pilla
Bodhisattva
Bodhisattva


Joined: 07 Aug 2002
Posts: 7729
Location: Underworld

PostPosted: Tue Sep 24, 2002 1:02 pm    Post subject: Reply with quote

Same as me, but it works.

I barelly remember... I think I had to make something about it the first time I installed gentoo.


lolita_daydream wrote:
its the same for me as for mikegr, above.

my su also fails with the message:
su: Authentication failure

i have no /etc/suauth either, and my /etc/pam.d/su is exactly the same.
Back to top
View user's profile Send private message
HogRider
Apprentice
Apprentice


Joined: 29 May 2002
Posts: 160

PostPosted: Tue Sep 24, 2002 1:16 pm    Post subject: Reply with quote

Just to clarify:
Are you typing in your user password for sudo?
And your root password for su?

Perhaps it would help to post your /etc/groups....

usermod's -g & -G are sometimes troublesome
_________________
Mike

"Computers are like air conditioners, they stop working properly if you open Windows"
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
Back to top
View user's profile Send private message
lolita_daydream
n00b
n00b


Joined: 23 Sep 2002
Posts: 5

PostPosted: Tue Sep 24, 2002 1:29 pm    Post subject: Reply with quote

Quote:
Anybody affected have permissions on /var/run/utmp that are different from 664 root.utmp? Also, does anybody have grsecurity (or any other security-related things) enabled in their kernels?


my permissions are also 664 root.utmp.
and i do not have grsecurity enabled in my kernel.

Quote:
Perhaps it would help to post your /etc/groups....


my /etc/group:

root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm
lp::7:lp
mem::8:
kmem::9:
wheel::10:root,lolita
floppy::11:root
mail::12:mail
news::13:news
uucp::14:uucp
man::15:man
cron::16:cron
console::17:
audio::18:
cdrom::19:
dialout::20:root
ftp::21:
sshd::22:
at::25:at
tape::26:root
video::27:root
squid::31:squid
gdm::32:gdm
xfs::33:xfs
games::35:
named::40:named
mysql:x:60:
postgres::70:
cdrw::80:
apache::81:
nut::84:
usb::85:
vpopmail:x:89:
users::100:games,lolita
nofiles:x:200:
qmail:x:201:
postfix:x:207:
postdrop:x:208:
utmp:x:406:
nogroup::65533:
nobody::65534:
Back to top
View user's profile Send private message
Roptaty
Apprentice
Apprentice


Joined: 12 May 2002
Posts: 184
Location: Norway

PostPosted: Tue Sep 24, 2002 4:21 pm    Post subject: Reply with quote

Have you looked at the logs?
Back to top
View user's profile Send private message
McManus
Apprentice
Apprentice


Joined: 10 Apr 2002
Posts: 176
Location: Austin, TX

PostPosted: Wed Oct 02, 2002 12:16 am    Post subject: Reply with quote

Did any of y'all fix this on your system, yet? I just did a complete re-install, and it still doesn't work. Should I file it as a bug? Did I miss something really simple? Am I just retarded? :) Let me know, please!
_________________
McManus
----
Linux user #267375 - http://counter.li.org
Back to top
View user's profile Send private message
HogRider
Apprentice
Apprentice


Joined: 29 May 2002
Posts: 160

PostPosted: Wed Oct 02, 2002 12:57 pm    Post subject: Reply with quote

Wait a minute...... :roll:

I was reading back through the thread, and realized we're looking at two separate issues.

Quote:
lolita_daydream Posted: Sun Sep 22, 2002 7:43 pm Post subject: belong to wheel group, but can't su to root.

--------------------------------------------------------------------------------

greetings.
as the subject line says, i can't su to root, even though i belong to the wheel group. i checked /etc/group, and it confirms this.
any help would be greatly appreciated.


Is questioning su, whereas

Quote:
mikegr Posted: Mon Sep 23, 2002 3:36 pm Post subject:

--------------------------------------------------------------------------------

I have the same problem, I got the message:
su: Authentication failure

I can login as the user and as root. The user is in the wheel group. I can sudo without password, but cannot when a password is required.(Uncomment the line in /etc/sudoers)

I 've no /etc/suauth and the /etc/pam.d/su looks like this:

#%PAM-1.0

auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth

account required /lib/security/pam_stack.so service=system-auth

password required /lib/security/pam_stack.so service=system-auth

session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so


Maybe this information helps someone, getting an answer.


Relates to sudo.

These are separate issues. su should work if the user is part of the wheel group. sudo should work if the user & specific command are listed in /etc/sudoers.

password for su=%rootpasswd%
password for sudo=%userpasswd%

Let's identify the specific problem, and try to resolve it.
_________________
Mike

"Computers are like air conditioners, they stop working properly if you open Windows"
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
Back to top
View user's profile Send private message
McManus
Apprentice
Apprentice


Joined: 10 Apr 2002
Posts: 176
Location: Austin, TX

PostPosted: Thu Oct 03, 2002 2:00 am    Post subject: Reply with quote

Erm, I know that I am having issues with 'su' and that others are having problems with 'su' as well. I know 'su' should work if my users are in the 'wheel' group. Well, they are and it doesn't work.
_________________
McManus
----
Linux user #267375 - http://counter.li.org
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20067

PostPosted: Thu Oct 03, 2002 2:14 am    Post subject: Reply with quote

lolita_daydream: Is your problem with su, or sudo?
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
8230
n00b
n00b


Joined: 16 Oct 2002
Posts: 10

PostPosted: Wed Oct 16, 2002 7:50 pm    Post subject: Reply with quote

I see no one has yet mentioned "visudo". I have users that are not in the "wheel" group and I just used visudo to add
their names to the sudoers file and it works just fine.
Back to top
View user's profile Send private message
blatch
n00b
n00b


Joined: 15 Oct 2002
Posts: 59
Location: bloomington, in

PostPosted: Thu Oct 17, 2002 3:06 am    Post subject: Reply with quote

Code:
 bash-2.05a# useradd (username)
bash-2.05a# usermod -g wheel


works for me :)[/code]
_________________
blatch.net
Back to top
View user's profile Send private message
rac
Bodhisattva
Bodhisattva


Joined: 30 May 2002
Posts: 6553
Location: Japanifornia

PostPosted: Thu Oct 17, 2002 4:39 am    Post subject: Reply with quote

Why do you want to set wheel to be your user's primary group? How is this better than making it a secondary group with the -G option?
_________________
For every higher wall, there is a taller ladder
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum