View previous topic :: View next topic |
Author |
Message |
colonists n00b
Joined: 10 Apr 2002 Posts: 11 Location: Long Island, NY
|
Posted: Sat Feb 15, 2003 5:54 pm Post subject: SU: error in serive module (was authentication error) |
|
|
Ok, first off please read this message before getting all angry with a post about su.
I just did a clean install of gentoo 1.4_rc2 and installed gnome2.2 and kde3.1. Everything was going along great until I added a non-root user. I was suddenly denied access to su into root from user mode... 'su: authentication failure"
I looked up if the board had anything on 'su' in the [url]quic[/url]k search, and NOTHING came up. I continued anyway and found all the posts about how you need to put your user in the wheel group etc etc (all of which i did a number of times.) I tried to manually add my user, I used useradd, I changed my primary and secondary group, I did everything that all the posts say to in the FAQ and I changed permissions in this following posting https://forums.gentoo.org/viewtopic.php?t=13934.
I must have inadvertinly messed somehting up as my authentication failure has now become a 'su: error in service module, sorry' error. I do not know what to do. I have recompiled pam, but that did not work. Help me! I need to be able to su. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sat Feb 15, 2003 6:23 pm Post subject: |
|
|
Moved from Installing Gentoo.
Probably not it, but whats in your /etc/pam.d/su file? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
colonists n00b
Joined: 10 Apr 2002 Posts: 11 Location: Long Island, NY
|
Posted: Sat Feb 15, 2003 11:16 pm Post subject: /etc/pam.d/su file |
|
|
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient /lib/security/pam_wheel.so use_uid trust
# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so
Hope this helps. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Feb 16, 2003 12:08 am Post subject: Re: /etc/pam.d/su file |
|
|
colonists wrote: | auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow | What happens if you comment out this line? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
colonists n00b
Joined: 10 Apr 2002 Posts: 11 Location: Long Island, NY
|
Posted: Sun Feb 16, 2003 12:20 am Post subject: commenting out the auth line.... |
|
|
OK, I commented out the line, and I am now presented with the error...
su: Authentication failure
Sorry.
Now this needs to get fixed |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Feb 16, 2003 1:27 am Post subject: |
|
|
Output from the command "groups" does list wheel, correct? What are your permissions on /bin/su ? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
colonists n00b
Joined: 10 Apr 2002 Posts: 11 Location: Long Island, NY
|
Posted: Sun Feb 16, 2003 2:30 am Post subject: groups & /bin/su permissions |
|
|
output from groups is: users wheel
ls -l /bin/su
-rwsr-sr-x 1 root root 23948 Feb 7 20:10 /bin/su |
|
Back to top |
|
|
colonists n00b
Joined: 10 Apr 2002 Posts: 11 Location: Long Island, NY
|
Posted: Sun Feb 16, 2003 2:42 am Post subject: just a note |
|
|
In case your wondering, I have tried to set the permission of /bin/su to
-rwsr-sr-x and -rwsr-xr-x and both give me the same authentication failure message. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Feb 16, 2003 3:28 am Post subject: |
|
|
Can root su to another user? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
colonists n00b
Joined: 10 Apr 2002 Posts: 11 Location: Long Island, NY
|
Posted: Sun Feb 16, 2003 12:25 pm Post subject: in one word... yes |
|
|
Yes, I can su to other users from root. the only time su is denied to me is when i am a user su-ing to root. |
|
Back to top |
|
|
gfdsa n00b
Joined: 01 Jul 2002 Posts: 74
|
Posted: Wed Apr 16, 2003 12:33 am Post subject: |
|
|
well, i just installed 1.4 and had the same issue, solved it by u+s /bin/su
seems its not the case, but anyway, strace could give you a hint imho |
|
Back to top |
|
|
|