Authentication Issue su/sudo/pam Debian
Heyas,
Ive got an odd issue and i think ive narrowed it down to possibly PAM but i need some extra help for the community. Issue: I can login via ssh to my machine as a normal user but when i try to su to root gives me this error xxxx@Halcon:/moo$ su Password: su: Authentication failure The auth.log shows this: Mar 21 19:14:15 Halcon unix_chkpwd[26449]: check pass; user unknown Mar 21 19:14:15 Halcon unix_chkpwd[26449]: password check failed for user (root) Mar 21 19:14:15 Halcon su[26448]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=/dev/pts/5 ruser=xxxx rhost= user=root Mar 21 19:14:18 Halcon su[26448]: pam_authenticate: Authentication failure Mar 21 19:14:18 Halcon su[26448]: FAILED su for root by xxxx Mar 21 19:14:18 Halcon su[26448]: – /dev/pts/5 xxxx:root Also have noticed this with password change: xxxx@Halcon:/moo$ passwd xxxx Changing password for xxxx. (current) UNIX password: passwd: Authentication token manipulation error passwd: password unchanged Auth.log Shows: Mar 21 19:17:46 Halcon unix_chkpwd[26503]: check pass; user unknown Mar 21 19:17:50 Halcon unix_chkpwd[26504]: check pass; user unknown Mar 21 19:17:50 Halcon unix_chkpwd[26504]: password check failed for user (xxxx) Mar 21 19:17:50 Halcon passwd[26502]: pam_unix(passwd:chauthtok): authentication failure; logname=root uid=1000 euid=1000 tty= ruser= rhost= user=xxxx Sudo also gives me this xxxx@Halcon:/moo$ sudo sudo: must be setuid root my user is in sudoers Ive checked the perms on passwd and shadow -rw-r----- 1 root shadow 1975 Mar 21 18:47 /etc/shadow -rw-r--r-- 1 root root 2288 Mar 21 18:47 /etc/passwd I tried creating a new user with guid of root and uid of 0 .. didnt work. however if i allow root to ssh in it lets me in. its just the su/sudo/passwd that doesnt work. If you guys have any suggestions or information that would be great, i have been looking all over the net yet have found nothing , thanks edit: if i login via root into ssh i can su to xxxx (no passwd required) lets me straight in. |
What are the permission of the sudo and su binaries (i.e. /bin/su and /usr/bin/sudo)? Is it possible that they don't have the setuid bit set? The permissions of your passwd and shadow file look correct (at least they match my Debian box). Also, can you post your /etc/pam.d/common-auth?
|
-rwsr-xr-x 1 root root 28448 Jul 24 2009 /bin/su
-rwsr-xr-x 2 root root 127856 Mar 12 09:52 /usr/bin/sudo looks like the setuid bit is set. # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) auth [success=1 default=ignore] pam_unix.so nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config |
Issue RESOLVED:
i ran 'sudo bash' sudo: /etc/sudoers is mode 0777, should be 0440 sudo: no valid sudoers sources found, quitting chmod 0440 /etc/sudoers works |
All times are GMT -5. The time now is 02:53 AM. |