Why does "su" reject my password if I can log in as root? wtf?
Just this morning I ssh'd into my gentoo box as my regular user. After I ran "su" to get root access, it said "Authentication failure. Sorry." After retrying my password double-checking that it was correct, I was stumped.
But, I can just go to the machine and log in locally as root, with the same password, and everything works fine? So I'm confused. My regular user is a member of the wheel group. My root password has not changed. I can log in as root from a local terminal. I can log in as root over ssh (after changing my config file for sshd to initally block root logging in) now. But if I log in as my regular user and "su" the password fails. Any tips as to what's going on? |
Re:
The command looks something like this
Code:
USER@HERE$ su - Code:
USER@HERE$ su root |
Quote:
|
Quote:
switching users must be disabled somehow. sorry but i have not come across this issue before. |
Quote:
I am totally at a loss as to how this could have happened overnight, but thanks for the help anyways. |
Is the user you logging in first with in the wheel group
login as root Quote:
You can either manually edit /etc/group file and add the user to the wheel group or Quote:
|
Quote:
Quote:
|
Check your /etc/securetty file.
man securetty <-for more info on what this does. |
Re:
I was thinking maybe you didn't have read + exec permisions on su and sudo. but they run just dont work. I would check your su conf I believe it's pamd or something of that sort. maybe you have a permisions problem. If that was the case check your sudoers file make sure your in there. and also check the options on sudo, to see if it's requesting root password or your own. Also I believe that you can type:
Code:
USER@HERE$ sudo -i I'm not sure about Gentoo but in fc default sudo where the password blank is, that is where you 'USER's password is required not root's password. Gentoo might have defaults diff from fc. |
|
Also check the PAM configuration, such as the files in /etc/security/
The access.conf file might contain a line like: '-:wheel:ALL EXCEPT LOCAL'. I don't know if the PAM access restrictions would apply or not to using "su" but if the authentication is handled by PAM this could be an issue. Also, examine your logs. They should indicate what caused the rejection. |
All times are GMT -5. The time now is 03:17 PM. |