Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Okay, I'm posting alot here the past few days. It shows how much I still don't know.
I recently read a security article about linux, and decided I'd better check my security. I fired up Mandrake Control panel to see what options it had. I don't recall changing much at all, in fact I added some permissions to system folders to an "admins" group which I had to remove, as it was causing problems with apache.
Nonetheless, everything is working good now, but I cannot su. I can log in as root, and everything works fine. But if I log in as a normal user, I cannot su. I get 'invalid password'. I can 'su' as my normal user from a root logon, but cannot do the inverse.
I read somewhere that 'shadow passwords' can cause problems if messed up. I don't know much about it...anyone with ideas?
Again, sorry I'm asking more questions than I'm answering, but I guess we all gotta learn some way.
As part of security setup you can allow or disallow users to use the su command. You can also limit what su allows, i.e. you can set up su so that it gives a user less than full root privilages.
I have always used unrestricted su commands and have never messed with it. But I think that when you were browsing through security administration that you probable changed the su security setup.
I checked /var/log, and auth.log shows I ran 'su' but it shows no error. I can't find errors in any of the log files.
I checked permissions, and only root had access to the 'su' command...no one else had ANY permissions, but then that doesn't account for the fact that su did run. I'm kinda baffled on that one.
I gave everyone read permissions to su, and now I get:
su: cannot set groups: Operation not permitted
BTW, I did add my user to the 'wheel' group, and that made no difference. root can login just fine. Wierd.
I still login as root and administer that way, but I am trying to be security conscious and login as my normal user, and 'su' when necessary.
I have no idea how to tweak 'su' in terms of what a 'su' user can do. Ideas?
Thanks for all your help. Learning, slowly, but steadily.
He can access su, look at his post. This is becuase he isn't in the wheel group. edit /etc/group and add your username to the wheel one. Login as root to do this.
There is another way to do it (editing sudoers) but thats pretty tricky and probably beyond you if you're new.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.