On one of my Gentoo systems if I try to su to a regular user account it asks me to "reenter password". On other systems it doesn't do this, it just switches to the specified user.
So what have I changed to make su act this way?

What is in "/etc/pam.d/su"?

dsegel wrote:
> On one of my Gentoo systems if I try to su to a regular user account it asks me to "reenter password". On other systems it doesn't do this, it just switches to the specified user.
> So what have I changed to make su act this way?

Code:
#%PAM-1.0
auth sufficient pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient pam_wheel.so use_uid trust
# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so

Are you trying to su from the root account to another account? If so then "auth sufficient pam_rootok.so" should

dsegel wrote:
> /etc/pam.d/su is identical as well:
> Code:
> #%PAM-1.0
> auth sufficient pam_rootok.so
> # If you want to restrict users begin allowed to su even more,
> # create /etc/security/suauth.allow (or to that matter) that is only
> # writable by root, and add users that are allowed to su to that
> # file, one per line.
> #auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
> # Uncomment this to allow users in the wheel group to su without
> # entering a passwd.
> #auth sufficient pam_wheel.so use_uid trust
> # Alternatively to above, you can implement a list of users that do
> # not need to supply a passwd with a list.
> #auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
> # Comment this to allow any user, even those not in the 'wheel'
> # group to su
> auth required pam_wheel.so use_uid
> auth include system-auth
> account include system-auth
> password include system-auth
> session include system-auth
> session required pam_env.so
> session optional pam_xauth.so

Yes, I'm trying to su from root to a regular user - I'm actually trying to run a scp command via cron as a user who has a key setup to allow login to a particular server.

embobo wrote:
> Are you trying to su from the root account to another account? If so then "auth sufficient pam_rootok.so" should do it.
> Otherwise, you'll need to uncomment the "auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass" line and set up a /etc/security/suauth.nopass
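
An added example, not part of the thread: a small audit of a su PAM file like the one posted above, listing the active auth lines and reporting whether pam_rootok.so is the first sufficient entry, whether su is limited to the wheel group, and whether either passwordless option is uncommented. The function names and the sample text are constructed for illustration, and files pulled in with "include" (system-auth here) are not followed.

```python
import re

# Constructed sample: the active lines of the /etc/pam.d/su posted in the thread,
# plus its two commented-out passwordless options.
SAMPLE_SU = """\
#%PAM-1.0
auth sufficient pam_rootok.so
#auth sufficient pam_wheel.so use_uid trust
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
auth required pam_wheel.so use_uid
auth include system-auth
session required pam_env.so
"""

# type, control (plain word or [bracketed] form), module, optional arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def auth_stack(text):
    """Return (control, module, args) for every uncommented auth line, in order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment to end of line
        m = LINE.match(line)
        if m and m.group(1) == "auth":
            stack.append((m.group(2), m.group(3), m.group(4).split()))
    return stack

def audit_su(text):
    """Summarise which callers this file lets through without a password prompt."""
    stack = auth_stack(text)
    report = {"rootok_first": False, "wheel_only": False, "passwordless": []}
    # pam_rootok.so as the first 'sufficient' line ends the auth stack for uid 0.
    if stack and stack[0][:2] == ("sufficient", "pam_rootok.so"):
        report["rootok_first"] = True
    for control, module, args in stack:
        if module == "pam_wheel.so" and control in ("required", "requisite"):
            report["wheel_only"] = True
        # The two options the file's comments describe as "no passwd needed".
        if control == "sufficient" and (
            (module == "pam_wheel.so" and "trust" in args) or module == "pam_listfile.so"
        ):
            report["passwordless"].append(" ".join([module] + args))
    return report

if __name__ == "__main__":
    print(audit_su(SAMPLE_SU))
```

Running the same check against /etc/pam.d/su on the working and the misbehaving machine shows whether the two files really produce the same active auth stack.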