LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 03-09-2009, 09:33 AM   #1
rl92694
LQ Newbie
 
Registered: Jun 2008
Posts: 10

Rep: Reputation: 0
at: Authentication Failure


Over my objections, some of our users want to use at on one of the servers. So I put their usernames in the /etc/at.allow file, but when they try to run at, they get:

$ at
PAM authentication failure: Authentication failure
You do not have permission to use at.

The /etc/at.allow file looks fine. Restarting atd doesn't help. No error messages get logged in /var/log/messages.

So questions:

Does anyone know why I would be getting a PAM authentication failure?

Is there any way to configure atd logging so I can trace exactly why it's failing?

Here's the /etc/pam.d/atd file, just in case:

auth sufficient pam_rootok.so
auth required pam_env.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so

Thanks.
 
Old 03-09-2009, 12:42 PM   #2
rl92694
LQ Newbie
 
Registered: Jun 2008
Posts: 10

Original Poster
Rep: Reputation: 0
So yeah, I fixed this. It turns out to have nothing at all to do with PAM authentication and everything to do with the sticky bit not being set. So all I did was:

chmod u+s /usr/bin/at

And now everything works.

Hooray for misleading error messages.
 
Old 10-21-2009, 07:09 PM   #3
pdr33n
LQ Newbie
 
Registered: Oct 2009
Posts: 1

Rep: Reputation: 0
worked for me too.. if anybody knows a better solution.. tell us.
 
Old 10-22-2009, 01:57 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,280

Rep: Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032
Actually, that's the setuid bit ... you might not want to do that.
 
Old 10-22-2012, 09:33 PM   #5
teqteq
LQ Newbie
 
Registered: Jul 2012
Posts: 2

Rep: Reputation: Disabled
I know this is an old thread, but I never found the answer online, so I thought I'd update this with my solution.

First, granting "u+s" or SETUID permission isn't a good idea because it will then run "at" as the owning user (probably "root") whenever a user executes it. I'm not sure how much permission that gives the user, but I'm thinking that "root" can get "at" to run just about anything.

Now, the solution I found is to find your "at.deny" and/or "at.allow" files (in my case, SUSE 10, it is in "/etc/"), and make sure these files have "read" permission for all users. I don't know why this isn't the default, but it wasn't for me. Once I did this then the error message "You do not have permission to use at" disappeared! I guess it wasn't able to check who didn't have permission in "at.deny" when I ran it as my owner user, so it just denied everyone!

I've got some issues with /var/spool/atjobs now, so I'll update when I've figured that out.

Last edited by teqteq; 10-22-2012 at 09:42 PM. Reason: Part of solution needed more work
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
su root authentication failure exodist Linux - Software 9 08-06-2011 02:31 PM
$su, Authentication Failure Eilya Ubuntu 9 10-14-2008 05:41 AM
dialup authentication failure raypuddy Linux - General 8 05-22-2005 05:00 PM
I cant su anymore (authentication failure) Mr.Ampersand() Linux - Newbie 4 03-22-2005 08:29 AM
authentication failure mendiratta Linux - Security 1 07-03-2004 03:20 AM


All times are GMT -5. The time now is 07:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration