Did you know LQ has a Linux Hardware Compatibility List?
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 03-09-2009, 10:33 AM   #1
LQ Newbie
Registered: Jun 2008
Posts: 10

Rep: Reputation: 0
at: Authentication Failure

Over my objections, some of our users want to use at on one of the servers. So I put their usernames in the /etc/at.allow file, but when they try to run at, they get:

$ at
PAM authentication failure: Authentication failure
You do not have permission to use at.

The /etc/at.allow file looks fine. Restarting atd doesn't help. No error messages get logged in /var/log/messages.

So questions:

Does anyone know why I would be getting a PAM authentication failure?

Is there any way to configure atd logging so I can trace exactly why it's failing?

Here's the /etc/pam.d/atd file, just in case:

auth sufficient
auth required
auth include system-auth
account include system-auth
session include system-auth
session required

Old 03-09-2009, 01:42 PM   #2
LQ Newbie
Registered: Jun 2008
Posts: 10

Original Poster
Rep: Reputation: 0
So yeah, I fixed this. It turns out to have nothing at all to do with PAM authentication and everything to do with the sticky bit not being set. So all I did was:

chmod u+s /usr/bin/at

And now everything works.

Hooray for misleading error messages.
Old 10-21-2009, 08:09 PM   #3
LQ Newbie
Registered: Oct 2009
Posts: 1

Rep: Reputation: 0
worked for me too.. if anybody knows a better solution.. tell us.
Old 10-22-2009, 02:57 AM   #4
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.7, Centos 5.10
Posts: 16,919

Rep: Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214Reputation: 2214
Actually, that's the setuid bit ... you might not want to do that.
Old 10-22-2012, 10:33 PM   #5
LQ Newbie
Registered: Jul 2012
Posts: 2

Rep: Reputation: Disabled
I know this is an old thread, but I never found the answer online, so I thought I'd update this with my solution.

First, granting "u+s" or SETUID permission isn't a good idea because it will then run "at" as the owning user (probably "root") whenever a user executes it. I'm not sure how much permission that gives the user, but I'm thinking that "root" can get "at" to run just about anything.

Now, the solution I found is to find your "at.deny" and/or "at.allow" files (in my case, SUSE 10, it is in "/etc/"), and make sure these files have "read" permission for all users. I don't know why this isn't the default, but it wasn't for me. Once I did this then the error message "You do not have permission to use at" disappeared! I guess it wasn't able to check who didn't have permission in "at.deny" when I ran it as my owner user, so it just denied everyone!

I've got some issues with /var/spool/atjobs now, so I'll update when I've figured that out.

Last edited by teqteq; 10-22-2012 at 10:42 PM. Reason: Part of solution needed more work


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
su root authentication failure exodist Linux - Software 9 08-06-2011 03:31 PM
$su, Authentication Failure Eilya Ubuntu 9 10-14-2008 06:41 AM
dialup authentication failure raypuddy Linux - General 8 05-22-2005 06:00 PM
I cant su anymore (authentication failure) Mr.Ampersand() Linux - Newbie 4 03-22-2005 09:29 AM
authentication failure mendiratta Linux - Security 1 07-03-2004 04:20 AM

All times are GMT -5. The time now is 01:16 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration