Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[pam] user unable to be root with "su"
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
gaga
Apprentice
Apprentice


Joined: 27 Apr 2005
Posts: 288

PostPosted: Thu Aug 30, 2007 11:59 am    Post subject: [pam] user unable to be root with "su" Reply with quote

Hi

excuse me if I write a bag English because I'm french
( here my topic https://forums.gentoo.org/viewtopic-p-4212317.html#4212317 )

my problem is simple : when I am connected with a user (here called "lagaffe")
he can't be "root" by using the "su" command and I don't know why !

the user "lagaffe" is already in the "wheel" group.
I already tested several times to reinstall "pam" and etc-update tell me that all is update

Quote:
Aug 29 21:27:37 schlopa su[8440]: + tty1 root:root
Aug 29 21:27:37 schlopa su[8440]: pam_unix(su:session): session opened for user root by root(uid=0)
Aug 29 21:27:41 schlopa su[8446]: Successful su for lagaffe by root
Aug 29 21:27:41 schlopa su[8446]: + tty1 root:lagaffe
Aug 29 21:27:41 schlopa su[8446]: pam_unix(su:session): session opened for user lagaffe by root(uid=0)
Aug 29 21:27:44 schlopa su[8452]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=tty1 ruser=lagaffe rhost= user=root
Aug 29 21:27:46 schlopa su[8452]: pam_authenticate: Échec d'authentification
Aug 29 21:27:46 schlopa su[8452]: FAILED su for root by lagaffe
Aug 29 21:27:46 schlopa su[8452]: - tty1 lagaffe:root
Aug 29 21:27:48 schlopa su[8455]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=tty1 ruser=lagaffe rhost= user=root
Aug 29 21:27:50 schlopa su[8455]: pam_authenticate: Échec d'authentification
Aug 29 21:27:50 schlopa su[8455]: FAILED su for root by lagaffe
Aug 29 21:27:50 schlopa su[8455]: - tty1 lagaffe:root
Aug 29 21:27:51 schlopa su[8446]: pam_unix(su:session): session closed for user lagaffe
Aug 29 21:29:17 schlopa login[8357]: PAM _pam_init_handlers: could not open /etc/pam.conf
Aug 29 21:29:17 schlopa login[8357]: PAM pam_start: failed to initialize handlers
Aug 29 21:29:17 schlopa login[8357]: Couldn't initialize PAM: Critical error - immediate abort
Aug 29 21:30:01 schlopa cron[8916]: PAM _pam_init_handlers: could not open /etc/pam.conf
Aug 29 21:30:01 schlopa cron[8916]: PAM pam_start: failed to initialize handlers
Aug 29 21:36:21 schlopa login[9058]: FAILED LOGIN (1) on 'tty2' FOR `root', Authentication failure
Aug 29 21:36:24 schlopa login[9058]: FAILED LOGIN (2) on 'tty2' FOR `UNKNOWN', Authentication failure
Aug 29 21:36:27 schlopa login[9058]: TOO MANY LOGIN TRIES (3) on 'tty2' FOR `UNKNOWN'
Aug 29 21:36:34 schlopa login[19596]: FAILED LOGIN (1) on 'tty2' FOR `root', Authentication failure
Aug 29 21:36:37 schlopa login[19596]: FAILED LOGIN (2) on 'tty2' FOR `UNKNOWN', Authentication failure
Aug 29 21:36:39 schlopa login[19596]: TOO MANY LOGIN TRIES (3) on 'tty2' FOR `UNKNOWN'
Aug 29 21:36:53 schlopa login[19607]: FAILED LOGIN (1) on 'tty2' FOR `lagaffe', Authentication failure
Aug 29 21:36:56 schlopa login[19607]: FAILED LOGIN (2) on 'tty2' FOR `UNKNOWN', Authentication failure
Aug 29 21:36:58 schlopa login[19607]: TOO MANY LOGIN TRIES (3) on 'tty2' FOR `UNKNOWN'
Aug 29 21:42:51 schlopa su[8440]: pam_unix(su:session): session closed for user root
Aug 29 21:42:54 schlopa sshd[8038]: Received signal 15; terminating.
Aug 29 21:44:09 schlopa sshd[8032]: Server listening on :: port 22.
Aug 29 21:44:09 schlopa sshd[8032]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Aug 29 21:44:43 schlopa login[8350]: FAILED LOGIN (1) on 'tty1' FOR `root', Authentication failure
Aug 29 21:52:23 schlopa sshd[8154]: Server listening on :: port 22.
Aug 29 21:52:23 schlopa sshd[8154]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Aug 29 21:52:36 schlopa kdm: :0[8519]: pam_unix(kde-np:session): session opened for user lagaffe by (uid=0)
Aug 29 21:53:37 schlopa su[8713]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=1000 tty=pts/1 ruser=lagaffe rhost= user=root
Aug 29 21:53:38 schlopa su[8713]: pam_authenticate: Échec d'authentification
Aug 29 21:53:38 schlopa su[8713]: FAILED su for root by lagaffe
Aug 29 21:53:38 schlopa su[8713]: - pts/1 lagaffe:root
Aug 29 21:54:16 schlopa login[8472]: pam_tally(login:auth): unknown option: no_magic_root
Aug 29 21:54:17 schlopa login[8472]: pam_tally(login:account): option deny=0 allowed in auth phase only
Aug 29 21:54:17 schlopa login[8472]: pam_tally(login:account): unknown option: no_magic_root
Aug 29 21:54:17 schlopa login[8472]: pam_tally(login:setcred): unknown option: no_magic_root
Aug 29 21:54:17 schlopa login[8472]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Aug 29 21:54:17 schlopa login[8759]: ROOT LOGIN on 'tty1'



Quote:

#lagaffe@schlopa : su
passwd
The service of authentification could not recover the infos authentification
#lagaffe@schlopa



Quote:
emerge -C pam && emerge pam && etc-update


=> without change

Quote:
$ cat /etc/pam.d/su
#%PAM-1.0

auth sufficient pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required pam_wheel.so use_uid

auth include system-auth

account include system-auth

password include system-auth

session include system-auth
session required pam_env.so
session optional pam_xauth.so


Quote:


MessagePosté le: Jeu Aoû 30, 2007 11:52 am Sujet du message: Signaler ce post à un modérateur. Répondre en citant Editer/Supprimer ce message
Citation:

$ cat /etc/pam.d/su
#%PAM-1.0

auth sufficient pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required pam_wheel.so use_uid

auth include system-auth

account include system-auth

password include system-auth

session include system-auth
session required pam_env.so
session optional pam_xauth.so





Quote:

$ cat /etc/group
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
tty::5:
disk::6:root,adm,haldaemon
lp::7:lp
mem::8:
kmem::9:
wheel::10:root,lagaffe,temp
floppy::11:root,haldaemon,lagaffe
mail::12:mail
news::13:news
uucp:!:14:uucp,nut
man::15:man
console::17:
audio::18:lagaffe
cdrom::19:haldaemon,lagaffe
dialout::20:root
tape::26:root
video::27:root,lagaffe
cdrw::80:haldaemon
usb::85:haldaemon,lagaffe
users::100:games,lagaffe
nofiles:x:200:
smmsp:x:209:smmsp
portage::250:portage,lagaffe
utmp:x:406:
nogroup::65533:
nobody::65534:
ldap:x:439:
sshd:x:22:
messagebus:x:440:
mysql:x:60:
lpadmin:x:106:
cron:x:16:
postgres:x:70:
crontab:x:441:
netdev:x:442:
avahi:x:443:
avahi-autoipd:x:444:
haldaemon:x:445:haldaemon
plugdev:x:446:haldaemon,lagaffe
apache:x:81:
xfs:x:33:
gkrellmd:x:447:
beagleindex:x:448:
nut:!:84:nut
games:x:35:lagaffe
locate:x:245:
lagaffe:x:1000:
p2p:x:1001:
tcpdump:x:1002:
vmware:x:1003:
qemu:x:1004:
eclipse:x:1005:
temp:x:1006:
schlopa:x:1007:


please help me !

thank you a lot !

gaga
Back to top
View user's profile Send private message
nixnut
Administrator
Administrator


Joined: 09 Apr 2004
Posts: 10973
Location: the dutch mountains

PostPosted: Thu Aug 30, 2007 5:51 pm    Post subject: Reply with quote

Moved from Installing Gentoo to Duplicate Threads.
See https://forums.gentoo.org/viewtopic-t-11126.html
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum