m27315 Apprentice
Joined: 10 Dec 2004 Posts: 253 Location: 2 workstations down
Posted: Wed Dec 29, 2004 4:48 am Post subject: su fail: Cannot execute /bin/bash: Permission denied
Whenever I log in as root and try to su to a regular user, I get the following error:
Code:
[root@mymachine]$ su myuser
Cannot execute /bin/bash: Permission denied
If I try to log in as this user from the primary console, I get:
Code:
mymachine login: myuser
Password:
login(pam_unix)[7908]: session opened for user myuser by (uid=0)
No directory /home/myuser
login(pam_unix[7908]: session closed for user myuser
I used to be able to log in using this user id (BTW, I tried creating a new user - that didn't help). The directory /home/myuser does indeed exist, and I can see it as root. The owner:group are set to myuser:users for the home directory.
I think it is something wrong with my /etc/fstab, because of the login error, "No directory /home/myuser". However, after trying several variations in the /etc/fstab options for root, /home, and /www, I have all but given up. Here's my /etc/fstab:
Code:
cat /etc/fstab | grep -v '#'
/dev/hda1 /boot ext2 noauto,noatime 1 2
/dev/hdb6 / reiserfs noatime,user,exec,suid 0 0
/dev/hdb7 /home ext3 noatime,user,exec 0 0
/dev/hdb8 swap swap sw,pri=1 0 0
/dev/hdb9 /www reiserfs noatime,user,exec 0 0
/dev/cdroms/cdrom0 /mnt/cdrom0 auto noauto,user 0 0
/dev/cdroms/cdrom /mnt/cdrom auto noauto,user 0 0
/dev/fd0 /mnt/floppy auto noauto,user 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
I have tried many other things related to su fails per other posts in the gentoo forum, which are documented here:
I have emerged the latest versions of pam and shadow:
Code:
sys-apps/shadow-4.0.6
sys-libs/pam-0.77-r4
Per this post https://forums.gentoo.org/viewtopic.php?t=13934 and bug report https://bugs.gentoo.org/show_bug.cgi?id=56129, all my permissions seem to be correct for files related to the shadow suid bug:
Code:
ls -l $(cat /var/db/pkg/sys-apps/shadow-4.0.6/CONTENTS | grep /bin/ | awk '{print $2}')
-rwxr-xr-x 1 root root 6372 Dec 28 22:22 /bin/groups
-rwsr-xr-x 1 root root 28640 Dec 28 22:22 /bin/passwd
-rwsr-xr-x 1 root root 24532 Dec 28 22:22 /bin/su
-rwsr-xr-x 1 root root 37664 Dec 28 22:22 /usr/bin/chage
-rwsr-xr-x 1 root root 29608 Dec 28 22:22 /usr/bin/chfn
-rwsr-xr-x 1 root root 29684 Dec 28 22:22 /usr/bin/chsh
-rwsr-xr-x 1 root root 17824 Dec 28 22:22 /usr/bin/expiry
-rwxr-xr-x 1 root root 7952 Dec 28 22:22 /usr/bin/faillog
-rwsr-xr-x 1 root root 37216 Dec 28 22:22 /usr/bin/gpasswd
-rwxr-xr-x 1 root root 6308 Dec 28 22:22 /usr/bin/lastlog
-rwsr-xr-x 1 root root 24352 Dec 28 22:22 /usr/bin/newgrp
lrwxrwxrwx 1 root root 11 Dec 28 22:22 /usr/bin/passwd -> /bin/passwd
lrwxrwxrwx 1 root root 6 Dec 28 22:22 /usr/bin/sg -> newgrp
I commented out the lines in my /etc/pam.conf file, per this post: https://forums.gentoo.org/viewtopic.php?t=249744
Code:
#REMOTEHOST DEFAULT= OVERRIDE=@{PAM_RHOST}
#DISPLAY DEFAULT= OVERRIDE=@{DISPLAY}
#XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY}
I disabled the need for users to be in the wheel group, per this post https://forums.gentoo.org/viewtopic.php?t=246959:
Code:
#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts. If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
SU_WHEEL_ONLY no
Finally, I tried to duplicate the pam functionality, per the tail of this post https://forums.gentoo.org/viewtopic.php?t=246959, by setting up this config file:
Code:
echo "ALL:ALL EXCEPT GROUP wheel:DENY" > /etc/suauth
I think something is wrong with fstab, but I haven't been able to figure it out. Since I am trying to set up a web-server, any additional advice related to customizing /etc/fstab for apache2 would be greatly appreciated.
(BTW, I did reboot several times during this week-long process.)
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
Posted: Wed Dec 29, 2004 6:43 am Post subject:
Maybe this thread can help.
_________________
Quis separabit? Quo animo?
m27315 Apprentice
Joined: 10 Dec 2004 Posts: 253 Location: 2 workstations down
Posted: Thu Dec 30, 2004 12:36 am Post subject:
That was the problem! Thanks, pjp!!!
For everybody else:
I had performed the following steps to update my system:
Code:
# emerge --update --deep --newuse world
# emerge depclean
# revdep-rebuild
and when I finished the permissions on my root directory looked like:
Code:
drwxr-x--- 25 root root 592 Dec 29 18:26 .
I also emerged a few other applications, but updating the entire box was the cause noted in the above-mentioned post.
After adding read and execute access to the root directory, everything worked great!
This fixed the "403 Permission denied" error that Apache was giving me too!
Thanks!!!
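Added example, not part of any post in the thread: the cause found above was a root directory with mode drwxr-x---, which denies search permission to every non-root user, so any lookup below / (such as /bin/bash or /home/myuser) fails. The sketch below walks a path one directory at a time and prints the first directory that "other" users cannot traverse. The function names are hypothetical, and it assumes the affected user is neither the owner nor in the group of the directories and that no ACLs apply.

```shell
#!/bin/sh
# Added example (not from the thread): locate the directory that stops a
# non-owner, non-group user from reaching a path such as /bin/bash.
# Function names are hypothetical. Only the classic mode bits are read,
# via the same `ls -ld` output shown in the thread; ACLs are ignored.

# other_can_search DIR: succeed if "other" has search (execute) permission.
other_can_search() {
    # Character 10 of the mode string (e.g. drwxr-x---) is other-execute:
    # "x" or "t" means searchable, "-" or "T" means not.
    bit=$(ls -ld -- "$1" | cut -c10)
    [ "$bit" = "x" ] || [ "$bit" = "t" ]
}

# first_blocked TARGET [START]
# Walk from START (default /) down to TARGET, checking every directory on
# the way (TARGET too, if it is a directory). Print the first one that
# "other" cannot traverse and return 0; return 1 if none is blocked.
first_blocked() {
    target=$1
    cur=${2:-/}
    rel=${target#"$cur"}      # part of TARGET below START
    rel=${rel#/}
    while :; do
        if [ -d "$cur" ] && ! other_can_search "$cur"; then
            printf '%s\n' "$cur"
            return 0
        fi
        [ -n "$rel" ] || return 1
        next=${rel%%/*}       # next path component
        case $rel in
            */*) rel=${rel#*/} ;;
            *)   rel= ;;
        esac
        cur=${cur%/}/$next
    done
}
```

Sourced into a shell, `first_blocked /bin/bash` prints `/` on a system in the state described in the last post, and prints nothing once read and execute access has been restored on the root directory.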