LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Can't su into root as normal user (http://www.linuxquestions.org/questions/linux-general-1/cant-su-into-root-as-normal-user-174494/)

darin3200 04-25-2004 05:56 PM

Can't su into root as normal user
 
I added a normal user when I first installed Gentoo and I was always able to su to get root access. But recently I have been unable to get root access using su. I have checked my /etc/group and I am in wheel.
Any ideas on how to fix this
Thanks

SciYro 04-25-2004 06:46 PM

is su in /sbin or /bin?

darin3200 04-25-2004 06:52 PM

/bin

quatsch 04-25-2004 07:17 PM

what actually happens when you use the
su
command? any error messages?

darin3200 04-25-2004 07:39 PM

I type in my root password and I get

Quote:

su: Authentication failure
Sorry.

quatsch 04-25-2004 10:38 PM

can you log in as root at all? Say from a text terminal.

Robert0380 04-25-2004 11:13 PM

{DELETED}

darin3200 04-26-2004 07:37 AM

Quote:

Originally posted by quatsch
can you log in as root at all? Say from a text terminal.
Yeh, i can log out of my user account and then log in as root, but not su from the user account.

quatsch 04-26-2004 11:26 AM

I found this:
http://lists.debian.org/debian-user/.../msg00928.html
seems like it's the same problem and has something to do with
/etc/pam.d/su

zorba4 04-26-2004 01:53 PM

In AIX there is an option when creating a user : "user can su" (yes or not), and "another user can asu to this user" (yes or not).
Is there such an option in Linux ?

darin3200 04-27-2004 08:04 PM

Quote:

Originally posted by quatsch
I found this:
http://lists.debian.org/debian-user/.../msg00928.html
seems like it's the same problem and has something to do with
/etc/pam.d/su

I checked the /etc/pam.d/su file and I don't have the line give by the person the debain mailing list

Nishtya 04-28-2004 02:07 AM

Admittedly know nothing of Gentoo and am newbie, but are you using KDE? Have you recently upgraded to 3.2.2? There is a known bug:
http://www.kde.org/info/3.2.2.php#binary
Perhaps related?

darin3200 06-10-2004 02:54 PM

Sorry for the seriously late reply, I had the problem before kde was installed, I have the following
Code:

#%PAM-1.0
auth      required        /lib/security/pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth      required    /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth      sufficient  /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth      sufficient  /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth      required    /lib/security/pam_wheel.so use_uid nullok

auth      required        /lib/security/pam_stack.so service=system-auth nullok

account    required        /lib/security/pam_stack.so service=system-auth nullok

password  required        /lib/security/pam_stack.so service=system-auth nullok

session    required        /lib/security/pam_stack.so service=system-auth nullok
session    optional        /lib/security/pam_xauth.so

I have also tried adding the line
Code:

auth      required    /lib/security/pam_unix.so nullock
but this prompts me for the password twice and gives the same error

geekgirl16 03-18-2010 11:03 AM

another solution
 
I found this post while searching for a solution to the same problem. My circumstances were a little different and the solution that worked for me may be relevant to someone else.

My OS is CentOS 5.4 in a production environment with several users who have access to the server for development so adding users to the wheel group in /etc/group is not an ideal solution. We like to try to keep our install as standard as possible across all servers. To that end, here is what I did to troubleshoot

checked permissions on /bin/su. They should be set as setuid...rwsr-xr-x. To make them this way, run chmod u+s /bin/su.

If that works then cat or vi the /etc/pam.d/su file. When I compared this file on the system that didn't work with one that did, I found that the working system had the following line:

#auth required pam_wheel.so use_uid

On the server that didn't work, this line was there but it was not commented out. Changing it to comment it out fixed the issue for me.


All times are GMT -5. The time now is 04:55 AM.