Problem using "su" command

properganda · 02-06-2008, 05:04 AM

I'm trying to use a non-root username to login to my server using ssh, but when I log in and then try to switch to super-user I get this:

user1@properganda ~ $ su root
su: Authentication failure
Sorry.

I've had a look at chmodding the "su" command to 755 etc, but that doesn't solve the issue and I don't beleive it should be necessary. Any ideas?

colucix · 02-06-2008, 05:09 AM

What system is this? If Ubuntu, it does not allow root login (actually the root account is locked) and you should use sudo instead. Also, have you been prompted for password?

properganda · 02-06-2008, 05:19 AM

It's gentoo.

Root login is allowed but to harden security I want to disallow it. I thought "sudo"
was only a debian/ubuntu thing, but will give sudo a try.

rpgraca · 02-06-2008, 05:34 AM

In gentoo, I think the user must be in the 'wheel' group do have root access.

colucix · 02-06-2008, 05:40 AM

Also, check if the suid bit of /bin/su is set:

Code:

ls -l /bin/su
-rwsr-xr-x 1 root root 28336 Apr 17  2007 /bin/su

properganda · 02-06-2008, 06:20 AM

Thanks for the help guys, I ran this line as root:

gpasswd -a user1 wheel

and then logged in as user1 and ran the su command but still get the authentication failure.

properganda · 02-06-2008, 06:21 AM

Quote:

Originally Posted by colucix

Also, check if the suid bit of /bin/su is set:

Code:

ls -l /bin/su
-rwsr-xr-x 1 root root 28336 Apr 17  2007 /bin/su

what do you mean by this?

Nathanael · 02-06-2008, 06:25 AM

he is pointing out the lower case 's' where you would expect an x (-rws instead of -rwx)
which would mean that the bin is executed as the user owning the file, not the user calling the command
a must for su

properganda · 02-06-2008, 06:39 AM

thanks, well I've got

"-rwx--x--x 1 root root 25084 2008-01-17 19:23 su"

So that would seem to be ok.

colucix · 02-06-2008, 06:40 AM

Thanks Nathanael, I should have used a more visible color:

Code:

-rwsr-xr-x 1 root root 28336 Apr 17  2007 /bin/su

If eventually it is not set, use

Code:

chmod +s /bin/su

Edit: just seen your last post. No, it should be as above - as Nathanael explained. Try the chmod command, then try su again.

Nathanael · 02-06-2008, 06:43 AM

Quote:

Originally Posted by colucix

Edit: just seen your last post. No, it should be as above - as Nathanael explained. Try the chmod command, then try su again.

for the chmod to work you need to be root, so i would either login directly as root or use sudo to get there, as you will lack permissions to set the premission pit on that file otherwise.

looks to me like you muddled up a little with your chmod experiment you mentioned in one of the earlier posts....