AusFreak 03-21-2010 08:59 AM

Authentication Issue su/sudo/pam Debian
 
Heyas,

I've got an odd issue and I think I've narrowed it down to possibly PAM, but I need some extra help from the community.

Issue:
I can log in via ssh to my machine as a normal user, but when I try to su to root it gives me this error:

xxxx@Halcon:/moo$ su
Password:
su: Authentication failure

The auth.log shows this:

Mar 21 19:14:15 Halcon unix_chkpwd[26449]: check pass; user unknown
Mar 21 19:14:15 Halcon unix_chkpwd[26449]: password check failed for user (root)
Mar 21 19:14:15 Halcon su[26448]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=/dev/pts/5 ruser=xxxx rhost= user=root
Mar 21 19:14:18 Halcon su[26448]: pam_authenticate: Authentication failure
Mar 21 19:14:18 Halcon su[26448]: FAILED su for root by xxxx
Mar 21 19:14:18 Halcon su[26448]: - /dev/pts/5 xxxx:root

Also have noticed this with password change:

xxxx@Halcon:/moo$ passwd xxxx
Changing password for xxxx.
(current) UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

Auth.log Shows:

Mar 21 19:17:46 Halcon unix_chkpwd[26503]: check pass; user unknown
Mar 21 19:17:50 Halcon unix_chkpwd[26504]: check pass; user unknown
Mar 21 19:17:50 Halcon unix_chkpwd[26504]: password check failed for user (xxxx)
Mar 21 19:17:50 Halcon passwd[26502]: pam_unix(passwd:chauthtok): authentication failure; logname=root uid=1000 euid=1000 tty= ruser= rhost= user=xxxx

Sudo also gives me this:
xxxx@Halcon:/moo$ sudo
sudo: must be setuid root

My user is in sudoers.

I've checked the perms on passwd and shadow:
-rw-r----- 1 root shadow 1975 Mar 21 18:47 /etc/shadow
-rw-r--r-- 1 root root 2288 Mar 21 18:47 /etc/passwd

I tried creating a new user with guid of root and uid of 0 .. didn't work.

However, if I allow root to ssh in, it lets me in. It's just the su/sudo/passwd that doesn't work.

If you guys have any suggestions or information that would be great. I have been looking all over the net yet have found nothing, thanks.

Edit: if I log in via root into ssh I can su to xxxx (no passwd required), it lets me straight in.

btmiller 03-21-2010 03:23 PM

What are the permissions of the sudo and su binaries (i.e. /bin/su and /usr/bin/sudo)? Is it possible that they don't have the setuid bit set? The permissions of your passwd and shadow file look correct (at least they match my Debian box). Also, can you post your /etc/pam.d/common-auth?

AusFreak 03-21-2010 04:37 PM

-rwsr-xr-x 1 root root 28448 Jul 24 2009 /bin/su
-rwsr-xr-x 2 root root 127856 Mar 12 09:52 /usr/bin/sudo

looks like the setuid bit is set.


#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

AusFreak 03-22-2010 08:21 AM

Issue RESOLVED:

I ran 'sudo bash'

sudo: /etc/sudoers is mode 0777, should be 0440
sudo: no valid sudoers sources found, quitting

chmod 0440 /etc/sudoers

works
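
The permission checks made by hand across this thread, collected into one audit script as an added example (not part of any post above). Expected modes and owners are the ones shown in the thread's listings and in sudo's own error message; the function names, the optional path-prefix argument and the `--run` switch are assumptions made for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit mode and ownership of the auth-related files
# inspected in this thread. Requires GNU stat (stat -c).

# check_file PATH MODE OWNER GROUP   ("-" skips the owner or group check)
# Returns 0 on match, 1 on mismatch, 2 if the file does not exist.
check_file() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    # %a = octal mode including the setuid digit, %U/%G = owner/group names
    got_mode=$(stat -c '%a' "$path")
    got_owner=$(stat -c '%U' "$path")
    got_group=$(stat -c '%G' "$path")
    bad=0
    [ "$got_mode" = "$want_mode" ] || bad=1
    [ "$want_owner" = "-" ] || [ "$got_owner" = "$want_owner" ] || bad=1
    [ "$want_group" = "-" ] || [ "$got_group" = "$want_group" ] || bad=1
    if [ "$bad" -eq 0 ]; then
        echo "OK       $path ($got_mode $got_owner:$got_group)"
    else
        echo "MISMATCH $path is $got_mode $got_owner:$got_group," \
             "expected $want_mode $want_owner:$want_group"
    fi
    return $bad
}

# audit_auth_files [PREFIX]
# PREFIX (assumption for this example) lets the audit run against a copy
# or a mounted image instead of the live root filesystem.
audit_auth_files() {
    prefix=${1:-}
    fail=0
    check_file "$prefix/etc/sudoers"  440  root root   || fail=1  # sudo refuses 0777
    check_file "$prefix/etc/shadow"   640  root shadow || fail=1
    check_file "$prefix/etc/passwd"   644  root root   || fail=1
    check_file "$prefix/bin/su"       4755 root root   || fail=1  # setuid root
    check_file "$prefix/usr/bin/sudo" 4755 root root   || fail=1  # setuid root
    return $fail
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_auth_files
fi
```

stat only needs search permission on the parent directory, so the audit can be run as an unprivileged user.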

