Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've read many threads on LQ with this same subject and spent hours on google trying to find the right answer, so forgive me if the question is easy and I missed something.
I can no longer su to root on my server when connecting through ssh (not sure about local, not in same state). I can SSH to the server as a user, I can SSH to the server as root if I enable it in sshd_config. However, I can not su to root as the user either from using just 'su' or 'su - root'.
I can su to the user from root, but not vice versa. It gives me an 'Incorrect Password' error. Permissions on /etc/passwd and /etc/shadow are fine. The user is in the wheel group even though I have that requirement disabled in pam. I've reset the root password multiple times. I still can't get in. I'm desperate for ideas as I really don't like having my ssh open to root logins.
I'm not certain if '/etc/securetty' would restrict su'ing to root with the '-' option, which starts a login shell. Since you can log in as root using ssh, this is probably a dead end. You might want to look at the timestamps for your /etc/security/* files and /etc/sudoers and see if any have been modified after you started having the problem. Also, login as root and change your root password. Maybe doing that will help. However, the pam configs or /etc/sudoers seem to be the most likely culprit.
I'm not certain if '/etc/securetty' would restrict su'ing to root with the '-' option, which starts a login shell. Since you can log in as root using ssh, this is probably a dead end. You might want to look at the timestamps for your /etc/security/* files and /etc/sudoers and see if any have been modified after you started having the problem. Also, login as root and change your root password. Maybe doing that will help. However, the pam configs or /etc/sudoers seem to be the most likely culprit.
I've changed the sudoers file to include my default user, still didn't work. So that file did change after the problem started. I didn't check it before so I don't know that that was an issue.
No changes to /etc/security/* files. I've changed the password on root 3 times. No joy.
I don't know which distro you have. Could there be a different log such as /var/log security?
Open up two ssh sessions. One as a regular user; the other logging in as root.
In the first try to su - to root. In the second, look for files modified in the last 3 minutes: #find /var/log -mtime -3.
Check /etc/password, and the environment variables. I wonder if your shell might be restricted?
Can you use sudo? If visudo isn't locked down, you could try "sudo /bin/bash -l".
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.