not able to su

manoj.linux · 09-13-2012, 06:36 AM

Hi,

I am not able to su - root, below are permission set on su

bash-3.00$ su -
root's Password:
3004-307 You are not allowed to su to this account.

bash-3.00$ ls -l su
-r-sr-xr-x 1 root security 32732 Apr 03 2009 su

Please suggest.

pixellany · 09-13-2012, 06:49 AM

I'm not sure it has anything to do with the permissions on the "su" executable file---can you "su" to any user?

Who is in the "security" group

acid_kewpie · 09-13-2012, 06:51 AM

All part of the standard configuration, plenty of docs around if you look - http://www.ibm.com/developerworks/ai...oup/index.html

manoj.linux · 09-17-2012, 12:16 AM

Thanks acid_kewpie for your response. I have checked the site, and checkef on server , as for as settings are concerned itlook OK, but still unable to get the root cause for unable to su -.

I am able to su - to any oher Normal user then root.

# lsuser -a sugroups root
root sugroups=All

NevemTeve · 09-17-2012, 05:53 AM

Are you member of group security or not?

manoj.linux · 09-17-2012, 11:38 PM

Yes,

Below is output of id command.

bash-3.00# id
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)

acid_kewpie · 09-18-2012, 02:11 AM

what? But.. you ARE root..??? AND very very clearly NOT in the sugroups group. Did you not read anything we've said?

NevemTeve · 09-18-2012, 03:33 AM

Yes, it's a bit confusing: you are root-user, and you want to execute 'su -'? Why?

manoj.linux · 09-19-2012, 11:08 PM

Thanks acid_kewpie , NevemTeve for your response.

the output which I have send is from VIO Server then mkvt -id (problematic server), not Directly from vio client (Problematic Server),

we dont have directly root login enabled.

I am a able to su to any normal user other then root,

I have checked root is in su groups

# lsuser -a sugroups root
root sugroups=All

NevemTeve · 09-20-2012, 02:28 AM

No. The user that wants to became root should be in the group security (or which), not the root itself.

cliffordw · 09-21-2012, 12:09 AM

Quote:

Originally Posted by manoj.linux

the output which I have send is from VIO Server then mkvt -id (problematic server), not Directly from vio client (Problematic Server),

Am I reading this correctly - is it on a VIO server (rather than an AIX partition) that you are trying to su to root? The normal way of becoming root on a VIO server is with the

Quote:

oem_setup_env

command, and not with su.

manoj.linux · 09-21-2012, 01:17 AM

This is on AIX Partition only not on vio server.

acid_kewpie · 09-21-2012, 01:53 AM

Quote:

Originally Posted by manoj.linux

This is on AIX Partition only not on vio server.

Don't say things that are not relevant then.

We've told you what's wrong, and asked you questions you've not answered... what else do you expect from us??