LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Can no longer 'su' (https://www.linuxquestions.org/questions/linux-general-1/can-no-longer-su-57846/)

tisource 05-02-2003 01:09 PM
Can no longer 'su'
 
Okay, I'm posting alot here the past few days. It shows how much I still don't know.

I recently read a security article about linux, and decided I'd better check my security. I fired up Mandrake Control panel to see what options it had. I don't recall changing much at all, in fact I added some permissions to system folders to an "admins" group which I had to remove, as it was causing problems with apache.

Nonetheless, everything is working good now, but I cannot su. I can log in as root, and everything works fine. But if I log in as a normal user, I cannot su. I get 'invalid password'. I can 'su' as my normal user from a root logon, but cannot do the inverse.

I read somewhere that 'shadow passwords' can cause problems if messed up. I don't know much about it...anyone with ideas?

Again, sorry I'm asking more questions than I'm answering, but I guess we all gotta learn some way.

Thanks

fancypiper 05-02-2003 01:42 PM
If you tightened down security, you probably have to add users to the "wheel" group to access admin functions.

jailbait 05-02-2003 02:26 PM
su setup
 
As part of security setup you can allow or disallow users to use the su command. You can also limit what su allows, i.e. you can set up su so that it gives a user less than full root privilages.

I have always used unrestricted su commands and have never messed with it. But I think that when you were browsing through security administration that you probable changed the su security setup.

markus1982 05-02-2003 03:22 PM
Your log files in /var/log will hold valueable information why you haven't been allowed to su.

tisource 05-03-2003 01:04 PM
Okay.....

I checked /var/log, and auth.log shows I ran 'su' but it shows no error. I can't find errors in any of the log files.

I checked permissions, and only root had access to the 'su' command...no one else had ANY permissions, but then that doesn't account for the fact that su did run. I'm kinda baffled on that one.

I gave everyone read permissions to su, and now I get:

su: cannot set groups: Operation not permitted

BTW, I did add my user to the 'wheel' group, and that made no difference. root can login just fine. Wierd.

I still login as root and administer that way, but I am trying to be security conscious and login as my normal user, and 'su' when necessary.

I have no idea how to tweak 'su' in terms of what a 'su' user can do. Ideas?

Thanks for all your help. Learning, slowly, but steadily.

camelrider 05-03-2003 08:51 PM
Have you tried (as root) giving users execute permission to the 'su' file?

Nukes 05-04-2003 09:09 AM
He can access su, look at his post. This is becuase he isn't in the wheel group. edit /etc/group and add your username to the wheel one. Login as root to do this.
There is another way to do it (editing sudoers) but thats pretty tricky and probably beyond you if you're new.

tisource 05-04-2003 03:20 PM
My user is already in the wheel group.

When I set permissions on su, now it says this when I try to run su:
su: cannot set groups: Operation not permitted

I actually looked at sudoers file and I don't see anything that should cause a conflict.


All times are GMT -5. The time now is 08:36 PM.