When logged in as a normal, ordinary user, I type 'su', and the system prompts me for a password. I type the password, but then the system displays the message 'Login incorrect'. I know the root password as I have been able to successfully login as root from the main login screen.

I contacted Red Hat support regarding this issue; they asked me to run "sosreport" and send them the resulting sosreport file. The Linux computer is NOT connected to the Internet; it is connected within an internal network-configured system.

Anyway, I followed the steps as written and as directed via phone support WRT running the "sosreport" command. This command generated the file "sosreport-jbottiger.1886840.tar.bz2". Tried to cp and mv the file to a thumb drive, but received an error message every time (i.e., Permission denied, even after 'chmod'ding the file to '777'). Tried changing the file name and redoing the cp and mv commands--same issue. If I mv the file to another directory on the Linux computer, it's OK; but I cannot cp the file to the same directory as I had read permission errors as noted above.

My colleague says that he has done UNIX/Linux administration for over 10 years and has never seen anything like this, including the original issue of not being able to su to root.

Please advise as to what I should do. Thanks.


J. Bottiger

Can you boot linux single?
if so, try to set root password again. with
see if that works rebooting and trying again.

good luck.

Have you lost the sticky bit on /bin/su ?

I believe I did. The permissions are as follows:

/bin directory: drwxr-xr-x
su file (in /bin): -rwxr-xr-x

What should the settings be ('rwt' or 'rws')?

Also, I performed the following commands as per RedHat's guidance:

• Typed 'chmod 1777 for the /tmp dir'
• Typed 'setenforce 0'
• Typed 'lsattr /tmp/sosreport-myname+idno.tar.bz2'

Results as follows:

• tmp directory: drwxrwxrwt root root
• sosreport file: -rw------- root root

Typing the lsattr command exactly as directed yields the following message:

'lsattr: Permission denied While reading flags on /tmp/sosreport-myname+idno.tar.bz2'

Should I have the sticky bit on the tar.bz2 file as well? Please advise. Thanks.

Not on linux right now, but IIRC /bin/su is -rwsr-xr-x . "chmod u+s /bin/su" should work.
I don't know what the sosreport is, but I wouldn't put a sticky bit on anything in /tmp or any other place which is world writable.
After su-ing to root, can you copy the sosreport file?
Are you sure you have write permission to the usb drive? Type "mount" to check. Or check with creating a file on the thumbdrive with touch or whatever.
Alas, if the su problem got solved by correct /bin/su permissions, the sosreport thingy is just of academic interest.

• Performed the action "chmod 4755 /bin/su" (while logged in as root). Permissions now state "rwsr-xr-x".
• Logged out as root, and logged in as a standard user.
• Retried su command - still fails.

Attempted to perform copy on sosreport - stiil fails.

Any suggestions/ideas? Please advise. Thanks.

Actually, if you look at the /tmp directory itself, the sticky bit is set. You want the sticky bit set to prevent one user from deleting another users files. It is used when a directory is world writeable, and doesn't really have much use otherwise.

About the thumb drive, if it is mounted without the permissions you need you can either right click on an automouted icon and change this behavior in the advanced properties.

You can also change the ownership and permissions using the correct options if you manually mount the pendrive.

uid=<yourusername>,gid=<yourgroup>

Also read the man mount page. You can also use fmask and dmask as well.

My bad, confused sticky bit and suid.

Do you have a "/etc/suauth" file?

If so, try "man suauth" and inspect the content of that file for a group your user needs to be a member of, maybe.

That's not too bad - it's the same bit, just different meanings if it's set for a file or a directory.

And I wonder if RHEL is now using SELinux. If so, su is, most probably, one of the highly protected (and restricted) commands.

Can you do a <ctrl>-<alt>-<F3> and log in as "root" that way?

Are you in the sudoers file, and, if so, can you use a sudo ... command to accomplish your goals?

I have not tried that; did you mean to log in as another user, and while logged in as that user perform the <CTRL>+<ALT>+<F3> command?

I'm not sure how I can be in the sudoers file, how I access it or where it is located. Are you stating that I need to be in the sudoers file to perform a sudo ... command? Could I use the sudo ... command from any directory?

No I don't.

can your group 'su'?

check this '/etc/pam.d/su'

try 'sudo su'

config sudo command: 'visudo'

(i use RH4.)

Yes. On most system that will start a mintty session on tty3 where you can log in as, e.g., root and "do your thing."
The sudoers file is normally /etc/sudoers and it's used to control which users may run commands with root access. Once you're in the sudoers file you can, for example, try a sudo su - to start your root terminal session. As a "Catch 22," you must, of course, be logged in as root to view or change the /etc/sudoers file.

I looked at the existing su file; one of my colleagues suggested commenting out one of the lines (that requires a user to be in the pam_wheel.so file/list). Please find attached to this post "before and after" versions of the pam.d file.

etc_pam_d_su_old.txt

etc_pam_d_su_new.txt

I haven't tried the 'sudo su' or 'vi sudo' commands (is that what the latter command was)?

Thanks.