LinuxQuestions.org


rbees 01-22-2012 08:54 AM

Grrrrr can't login as normal user only root
 
The host is my external firewall. Running Debian Squeeze. No GUI, and hardened. Originally it was set up as a Lenny box. Here some time ago I upgraded it to Squeeze. Everything was fine.

I acquired a serial console unit and I was getting it set up to see if it worked. It does. But during the process I lost the ability to login to the host with a normal user. I have looked at the files I changed to set it up but can't locate anything that should have changed the login permissions.

I created a new user but can't login with that account either. I ran # passwd -u <user> on the original account but no joy. When I try with the original user I do get a brief message about the last login and then I am returned to the standard login shown when the machine first boots. With the new user I get a "permission denied" message before I am returned to the standard login screen.

I am able to login as root at the regular console and at the serial console, but not as a regular user.

I resized the partitions to be sure that it was not a space size problem like I had one time before. The drive it runs on is only 4g. No joy.

There were some entries in the log about some pam modules not being there. I looked at another machine that I can login to and there were some symlinks missing. I put them in the directory but, No Joy :(

Login attempts by the new user account are logged in /var/log/auth.log, as well as successful root logins, but logins via the existing user don't show up. :scratch:

So far google has not helped much.

Any thoughts / places to look?

Thanks

pingu 01-22-2012 09:20 AM

I suggest you start with checking permissions for both /home and the user's home partition.
Also check the user's HOME & login-shell in /etc/fstab if you haven't done so already.

rbees 01-22-2012 09:20 AM

Side note:

I do use Webmin on the server and I am able to access it via the old standard user as normal.

rbees 01-22-2012 09:30 AM

Thanks pingu,

The permissions on the user's folders are normal. I am assuming that you meant /etc/passwd and not fstab. Yes the home folder is correct and the login shell is correct /bin/bash

rbees 01-22-2012 09:47 AM

Not so sure about the permissions on the partition itself.

/home ext3 defaults,nosuid 0 2

tredegar 01-22-2012 09:49 AM

Please check the free space on your disk filesystems.
A full filesystem (>95% usually) will make logins fail for all, except the root user.

rbees 01-22-2012 10:46 AM

Thanks tredegar,

Already done that, see my original post.

The problem seems to have come from nowhere.

I checked for new users, thinking that someone had broken in but there are none.

pingu 01-22-2012 11:09 AM

Let's see now:
(First, of course I meant /etc/passwd and not /etc/fstab! Sorry, but good you're alert! :p )
The line for /home in your /etc/fstab looks ok.
How about permissions on the directory & subdirectories of /home?
But reading your first post again I'm beginning to think it's something else:
Quote:

There were some entries in the log about some pam modules not being there. I looked at another machine that I can login to and there were some symlinks missing. I put them in the directory but, No Joy
So maybe there's an error with PAM - I haven't actually fiddled with pam at all so can't really help you with that.
Just a few thoughts: if some pam modules are missing it might be you can't just add symlinks, you will have to install correct modules.
Or it could also be a pam-configuration issue - must be some reason for symlinks not being in place!?

Suggestions:
1) Read logs carefully - all logs. See if you can find anything that can point you in the right direction (pam problem is just a guess!)
2) Unmount /home, create a new user and see if it works.
3) Go the *-way, reboot..
4) For what it's worth, post output of "df", " ls -l /", "ls -l /home"

( "*" : "It-that-Must-Not-Be-Named" .. :p )
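
A check for the PAM possibility raised in the post above, as an added example that is not part of the thread: it lists modules that a pam.d directory references but that do not resolve to a real file in the module directory, which is how a hand-made symlink to an absent module shows up. The function names and the sample tree are constructed; on the host itself the arguments are assumed to be /etc/pam.d and /lib/security.

```shell
#!/bin/sh
# Added example: list PAM modules that a pam.d directory references but that
# do not resolve to a real file (missing, or a symlink whose target is gone).

# pam_referenced_modules FILE -> one module name or path per line
pam_referenced_modules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*@include/ || NF == 0 { next }
        # first *.so token on the line is the module
        { for (i = 1; i <= NF; i++) if ($i ~ /\.so$/) { print $i; break } }
    ' "$1" | sort -u
}

# pam_missing_modules CONF_DIR MOD_DIR -> "conf-file: module (reason)" lines
pam_missing_modules() {
    conf_dir=$1; mod_dir=$2
    for conf in "$conf_dir"/*; do
        [ -f "$conf" ] || continue
        pam_referenced_modules "$conf" | while read -r mod; do
            case $mod in
                /*) path=$mod ;;               # absolute module path
                *)  path=$mod_dir/$mod ;;      # bare name: look in MOD_DIR
            esac
            if [ -L "$path" ] && [ ! -e "$path" ]; then
                echo "${conf##*/}: $mod (dangling symlink)"
            elif [ ! -f "$path" ]; then
                echo "${conf##*/}: $mod (missing)"
            fi
        done
    done
}

# Constructed demo tree standing in for /etc/pam.d and /lib/security
# (assumed locations); prints the path of the temporary directory.
demo_tree() {
    d=$(mktemp -d)
    mkdir "$d/pam.d" "$d/security"
    : > "$d/security/pam_unix.so"
    ln -s pam_gone.so "$d/security/pam_limits.so"   # symlink to nothing
    cat > "$d/pam.d/login" <<'EOF'
# constructed sample, not taken from the thread
auth     [success=1 default=ignore] pam_unix.so nullok
session  required   pam_limits.so
session  optional   pam_mail.so standard
@include common-account
EOF
    echo "$d"
}
```

An empty result means every referenced module resolves to a file, which points the search back at PAM configuration or elsewhere rather than at missing modules.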

rbees 01-22-2012 12:23 PM

chkrootkit shows

Checking `bindshell` INFECTED (PORTS: 15 24 4000 6667 31337)

But this appears to be a false positive of PortSentry which is running on this host.

There is also

Checking `scalper` Warning: Possible scalper worm installed

But this is also a false positive of PortSentry

pingu;

the symlinks point to an existing module in the directory.

The box has been rebooted

df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sdb1 505860 139922 339836 30% /
tmpfs 509416 0 509416 0% /lib/init/rw
udev 504952 164 504788 1% /dev
tmpfs 509416 0 509416 0% /dev/shm
/dev/sdb9 670720 57348 579240 10% /home
/dev/sdb8 373359 6175 347911 2% /tmp
/dev/sdb5 1265240 762408 438580 64% /usr
/dev/sdb6 1176840 451712 665296 41% /var

ls -l /
total 61
drwxr-xr-x 2 root root 5120 Aug 11 23:47 bin
drwxr-xr-x 3 root root 1024 Jan 19 18:51 boot
lrwxrwxrwx 1 root root 11 Dec 10 2008 cdrom -> media/cdrom
drwxr-xr-x 15 root root 3180 Jan 20 16:24 dev
drwxr-xr-x 97 root root 8192 Jan 22 10:38 etc
drwxr-xr-x 6 root root 4096 Dec 16 2010 home
lrwxrwxrwx 1 root root 28 Aug 12 15:34 initrd.img -> boot/initrd.img-2.6.32-5-486
drwxr-xr-x 11 root root 9216 Nov 17 09:48 lib
drwx------ 2 root root 12288 Dec 10 2008 lost+found
drwxr-xr-x 12 root root 1024 Dec 11 2008 media
drwxr-xr-x 2 root root 1024 Nov 4 2008 mnt
drwxr-xr-x 2 root root 1024 Dec 10 2008 opt
dr-xr-xr-x 112 root root 0 Jan 20 11:22 proc
drwxr-xr-x 8 root root 1024 Jan 19 19:30 root
drwxr-xr-x 2 root root 5120 Nov 17 09:47 sbin
drwxr-xr-x 2 root root 1024 Sep 16 2008 selinux
drwxr-xr-x 2 root root 1024 Dec 10 2008 srv
drwxr-xr-x 12 root root 0 Jan 20 11:22 sys
drwxrwxrwt 8 root root 1024 Jan 22 12:39 tmp
drwxr-xr-x 11 root root 4096 Jan 20 10:22 usr
drwxr-xr-x 16 root root 4096 Jan 20 10:17 var
lrwxrwxrwx 1 root root 25 Aug 12 15:34 vmlinuz -> boot/vmlinuz-2.6.32-5-486
-rw-r--r-- 1 root root 1028 Oct 10 11:40 webmin-setup.out


ls -l /home
total 28
-rw-r--r-- 1 root root 0 Jun 28 2009 log
drwx------ 2 root root 16384 Dec 10 2008 lost+found
drwxr-xr-x 5 root root 4096 Dec 16 2010 mounts # some nfs mounts
drwxr-xr-x 2 named named 4096 Jun 28 2009 named # bind config
drwxr-xr-x 14 smoke smoke 4096 Dec 17 19:34 smoke # normal user


All times are GMT -5.