SU: error in serive module (was authentication error)

colonists

Ok, first off please read this message before getting all angry with a post about su.

I just did a clean install of gentoo 1.4_rc2 and installed gnome2.2 and kde3.1. Everything was going along great until I added a non-root user. I was suddenly denied access to su into root from user mode... 'su: authentication failure"

I looked up if the board had anything on 'su' in the [url]quic[/url]k search, and NOTHING came up. I continued anyway and found all the posts about how you need to put your user in the wheel group etc etc (all of which i did a number of times.) I tried to manually add my user, I used useradd, I changed my primary and secondary group, I did everything that all the posts say to in the FAQ and I changed permissions in this following posting https://forums.gentoo.org/viewtopic.php?t=13934.

I must have inadvertinly messed somehting up as my authentication failure has now become a 'su: error in service module, sorry' error. I do not know what to do. I have recompiled pam, but that did not work. Help me! I need to be able to su.

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

Moved from Installing Gentoo.

Probably not it, but whats in your /etc/pam.d/su file?
_________________
Quis separabit? Quo animo?

colonists · Posted: Sat Feb 15, 2003 11:16 pm Post subject: /etc/pam.d/su file

#%PAM-1.0

auth sufficient /lib/security/pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required /lib/security/pam_wheel.so use_uid

auth required /lib/security/pam_stack.so service=system-auth

account required /lib/security/pam_stack.so service=system-auth

password required /lib/security/pam_stack.so service=system-auth

session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so

Hope this helps.

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

colonists · Posted: Sun Feb 16, 2003 12:20 am Post subject: commenting out the auth line....

OK, I commented out the line, and I am now presented with the error...

su: Authentication failure
Sorry.

Now this needs to get fixed

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

Output from the command "groups" does list wheel, correct? What are your permissions on /bin/su ?
_________________
Quis separabit? Quo animo?

colonists · Posted: Sun Feb 16, 2003 2:30 am Post subject: groups & /bin/su permissions

output from groups is: users wheel

ls -l /bin/su

-rwsr-sr-x 1 root root 23948 Feb 7 20:10 /bin/su

colonists · Posted: Sun Feb 16, 2003 2:42 am Post subject: just a note

In case your wondering, I have tried to set the permission of /bin/su to

-rwsr-sr-x and -rwsr-xr-x and both give me the same authentication failure message.

pjp · Administrator Joined: 16 Apr 2002 Posts: 20067

Can root su to another user?
_________________
Quis separabit? Quo animo?

colonists · Posted: Sun Feb 16, 2003 12:25 pm Post subject: in one word... yes

Yes, I can su to other users from root. the only time su is denied to me is when i am a user su-ing to root.

gfdsa · n00b Joined: 01 Jul 2002 Posts: 74

well, i just installed 1.4 and had the same issue, solved it by u+s /bin/su

seems its not the case, but anyway, strace could give you a hint imho