gaga Apprentice
Joined: 27 Apr 2005 Posts: 288
Posted: Thu Aug 30, 2007 11:59 am Post subject: [pam] user unable to be root with "su"
Hi
excuse me if I write bad English, because I'm French
( here is my topic https://forums.gentoo.org/viewtopic-p-4212317.html#4212317 )
my problem is simple: when I am connected as a user (here called "lagaffe")
he can't become "root" by using the "su" command and I don't know why!
the user "lagaffe" is already in the "wheel" group.
I have already tried several times to reinstall "pam", and etc-update tells me that everything is up to date
Quote: | Aug 29 21:27:37 schlopa su[8440]: + tty1 root:root
Aug 29 21:27:37 schlopa su[8440]: pam_unix(su:session): session opened for user root by root(uid=0)
Aug 29 21:27:41 schlopa su[8446]: Successful su for lagaffe by root
Aug 29 21:27:41 schlopa su[8446]: + tty1 root:lagaffe
Aug 29 21:27:41 schlopa su[8446]: pam_unix(su:session): session opened for user lagaffe by root(uid=0)
Aug 29 21:27:44 schlopa su[8452]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=tty1 ruser=lagaffe rhost= user=root
Aug 29 21:27:46 schlopa su[8452]: pam_authenticate: Échec d'authentification
Aug 29 21:27:46 schlopa su[8452]: FAILED su for root by lagaffe
Aug 29 21:27:46 schlopa su[8452]: - tty1 lagaffe:root
Aug 29 21:27:48 schlopa su[8455]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=tty1 ruser=lagaffe rhost= user=root
Aug 29 21:27:50 schlopa su[8455]: pam_authenticate: Échec d'authentification
Aug 29 21:27:50 schlopa su[8455]: FAILED su for root by lagaffe
Aug 29 21:27:50 schlopa su[8455]: - tty1 lagaffe:root
Aug 29 21:27:51 schlopa su[8446]: pam_unix(su:session): session closed for user lagaffe
Aug 29 21:29:17 schlopa login[8357]: PAM _pam_init_handlers: could not open /etc/pam.conf
Aug 29 21:29:17 schlopa login[8357]: PAM pam_start: failed to initialize handlers
Aug 29 21:29:17 schlopa login[8357]: Couldn't initialize PAM: Critical error - immediate abort
Aug 29 21:30:01 schlopa cron[8916]: PAM _pam_init_handlers: could not open /etc/pam.conf
Aug 29 21:30:01 schlopa cron[8916]: PAM pam_start: failed to initialize handlers
Aug 29 21:36:21 schlopa login[9058]: FAILED LOGIN (1) on 'tty2' FOR `root', Authentication failure
Aug 29 21:36:24 schlopa login[9058]: FAILED LOGIN (2) on 'tty2' FOR `UNKNOWN', Authentication failure
Aug 29 21:36:27 schlopa login[9058]: TOO MANY LOGIN TRIES (3) on 'tty2' FOR `UNKNOWN'
Aug 29 21:36:34 schlopa login[19596]: FAILED LOGIN (1) on 'tty2' FOR `root', Authentication failure
Aug 29 21:36:37 schlopa login[19596]: FAILED LOGIN (2) on 'tty2' FOR `UNKNOWN', Authentication failure
Aug 29 21:36:39 schlopa login[19596]: TOO MANY LOGIN TRIES (3) on 'tty2' FOR `UNKNOWN'
Aug 29 21:36:53 schlopa login[19607]: FAILED LOGIN (1) on 'tty2' FOR `lagaffe', Authentication failure
Aug 29 21:36:56 schlopa login[19607]: FAILED LOGIN (2) on 'tty2' FOR `UNKNOWN', Authentication failure
Aug 29 21:36:58 schlopa login[19607]: TOO MANY LOGIN TRIES (3) on 'tty2' FOR `UNKNOWN'
Aug 29 21:42:51 schlopa su[8440]: pam_unix(su:session): session closed for user root
Aug 29 21:42:54 schlopa sshd[8038]: Received signal 15; terminating.
Aug 29 21:44:09 schlopa sshd[8032]: Server listening on :: port 22.
Aug 29 21:44:09 schlopa sshd[8032]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Aug 29 21:44:43 schlopa login[8350]: FAILED LOGIN (1) on 'tty1' FOR `root', Authentication failure
Aug 29 21:52:23 schlopa sshd[8154]: Server listening on :: port 22.
Aug 29 21:52:23 schlopa sshd[8154]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Aug 29 21:52:36 schlopa kdm: :0[8519]: pam_unix(kde-np:session): session opened for user lagaffe by (uid=0)
Aug 29 21:53:37 schlopa su[8713]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=1000 tty=pts/1 ruser=lagaffe rhost= user=root
Aug 29 21:53:38 schlopa su[8713]: pam_authenticate: Échec d'authentification
Aug 29 21:53:38 schlopa su[8713]: FAILED su for root by lagaffe
Aug 29 21:53:38 schlopa su[8713]: - pts/1 lagaffe:root
Aug 29 21:54:16 schlopa login[8472]: pam_tally(login:auth): unknown option: no_magic_root
Aug 29 21:54:17 schlopa login[8472]: pam_tally(login:account): option deny=0 allowed in auth phase only
Aug 29 21:54:17 schlopa login[8472]: pam_tally(login:account): unknown option: no_magic_root
Aug 29 21:54:17 schlopa login[8472]: pam_tally(login:setcred): unknown option: no_magic_root
Aug 29 21:54:17 schlopa login[8472]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Aug 29 21:54:17 schlopa login[8759]: ROOT LOGIN on 'tty1' |
Quote: |
#lagaffe@schlopa : su
passwd
The service of authentification could not recover the infos authentification
#lagaffe@schlopa
|
Quote: | emerge -C pam && emerge pam && etc-update |
=> without change
Quote: | $ cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient pam_wheel.so use_uid trust
# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so
|
Quote: |
$ cat /etc/group
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm,haldaemon
lp::7:lp
mem::8:
kmem::9:
wheel::10:root,lagaffe,temp
floppy::11:root,haldaemon,lagaffe
mail::12:mail
news::13:news
uucp:!:14:uucp,nut
man::15:man
console::17:
audio::18:lagaffe
cdrom::19:haldaemon,lagaffe
dialout::20:root
tape::26:root
video::27:root,lagaffe
cdrw::80:haldaemon
usb::85:haldaemon,lagaffe
users::100:games,lagaffe
nofiles:x:200:
smmsp:x:209:smmsp
portage::250:portage,lagaffe
utmp:x:406:
nogroup::65533:
nobody::65534:
ldap:x:439:
sshd:x:22:
messagebus:x:440:
mysql:x:60:
lpadmin:x:106:
cron:x:16:
postgres:x:70:
crontab:x:441:
netdev:x:442:
avahi:x:443:
avahi-autoipd:x:444:
haldaemon:x:445:haldaemon
plugdev:x:446:haldaemon,lagaffe
apache:x:81:
xfs:x:33:
gkrellmd:x:447:
beagleindex:x:448:
nut:!:84:nut
games:x:35:lagaffe
locate:x:245:
lagaffe:x:1000:
p2p:x:1001:
tcpdump:x:1002:
vmware:x:1003:
qemu:x:1004:
eclipse:x:1005:
temp:x:1006:
schlopa:x:1007:
|
please help me!
thank you very much!
gaga |
|
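An added example, not part of the original post: a small Python triage over auth log lines of the kind quoted above. It flags `su` authentication failures recorded with a nonzero `euid` (`su` needs an effective uid of 0 to check another user's password against /etc/shadow), PAM initialization errors and unknown module options. The category names and the fourth sample line are constructed for illustration.

```python
import re

# Sample input: three lines copied from the log in the post, plus one
# constructed line showing the euid=0 a setuid-root su normally records.
SAMPLE = """\
Aug 29 21:27:44 schlopa su[8452]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=tty1 ruser=lagaffe rhost= user=root
Aug 29 21:29:17 schlopa login[8357]: PAM _pam_init_handlers: could not open /etc/pam.conf
Aug 29 21:54:16 schlopa login[8472]: pam_tally(login:auth): unknown option: no_magic_root
Aug 29 22:00:00 examplehost su[9999]: pam_unix(su:auth): authentication failure; logname=alice uid=1001 euid=0 tty=pts/0 ruser=alice rhost= user=root
"""

# timestamp, host, program[pid]: message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) ([^\[:]+)\[(\d+)\]: (.*)$")
# pam_module(service:phase): detail
PAM = re.compile(r"^(pam_\w+)\((\w[\w-]*):(\w+)\): (.*)$")


def parse_fields(detail):
    """Return the key=value pairs after the '; ' (empty values are kept)."""
    _, _, kv = detail.partition("; ")
    return dict(p.split("=", 1) for p in kv.split() if "=" in p)


def triage(text):
    """Classify each recognised line; category names are hypothetical."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines in another layout are skipped
        _when, _host, prog, pid, msg = m.groups()
        pm = PAM.match(msg)
        if pm and pm.group(4).startswith("authentication failure"):
            f = parse_fields(pm.group(4))
            # A su process without euid 0 cannot verify root's password.
            nonroot = prog == "su" and f.get("euid") != "0"
            kind = "su-euid-nonzero" if nonroot else "auth-failure"
            findings.append((pid, kind, f.get("ruser"), f.get("user")))
        elif pm and "unknown option" in pm.group(4):
            option = pm.group(4).split(": ", 1)[1]
            findings.append((pid, "pam-unknown-option", pm.group(1), option))
        elif "could not open /etc/pam.conf" in msg:
            findings.append((pid, "pam-init-failure", prog, None))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `su-euid-nonzero` finding is a prompt to check the ownership and mode of the `su` binary and the mount options of its filesystem before looking further at /etc/pam.d/su.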