LinuxQuestions.org
Old 11-18-2014, 10:44 AM   #1
stucker1
LQ Newbie
 
Registered: Nov 2014
Posts: 5

Rep: Reputation: Disabled
Can't su to root


Running Red Hat Enterprise Linux 6.4. We have several servers. On one particular server we can't su to root. Enter password and get error: "could not open session".

I can su - (dash) to root just fine. On all of our other RHEL servers we can su to root just fine.

I have checked several forums and not found this specific problem.

Any help would be appreciated. Thanks!
 
Old 11-18-2014, 12:25 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Run "man -k securetty" and examine what you see there.

Do you have the pam_securetty enabled? Is the terminal you're doing the su from in /etc/securetty? Can you do the su if you're in a terminal session on the console but not from other terminal sessions (e.g. PuTTY) over network?

Have you verified the "su" you're running is the same as it is on the other systems (i.e. is there a wrapper script?)

From what you wrote it sounds like you're saying you have the issue on "su" and not "su -". If I have that backwards the issue may be something in the profiles (e.g. /etc/profile, $HOME/.bashrc, $HOME/.bash_profile) that root is invoking on launch that is doing it based on some test.

Make sure you compare findings on each of the above points to the systems where it is working.
 
1 members found this post helpful.
Old 11-18-2014, 04:08 PM   #3
stucker1
LQ Newbie
 
Registered: Nov 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thanks for the response. Let me see if I can answer your questions:
man -k securetty looks the same for all servers.

I am sure we have PAM enabled. I did check securetty and they look the same, but also we have "auth required pam_securetty.so" remmed out in /etc/pam.d/remote, so does this mean that we aren't using securetty?

Another really interesting thing: from the console on the Linux server (it is on a virtual machine), I now cannot log in AT ALL, as any user. No matter what user I try to log in as, even root, I get error "permission denied". This obviously used to work; we had to log into the console to install set up IP and install telnet server so we can telnet to it from other boxes. I can still telnet to the server and login as any user so with my limited knowledge I don't know why I can't log in on the console any more.

I probably have something really messed up! Thanks for the help.
 
Old 11-18-2014, 04:44 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
So from the console is it the GUI you can't login to or the command line? If you're at the GUI prompt hit "Ctrl-Alt-F2" to go to a command line terminal and see if login there fails. It may simply be your GUI console is hosed and if so you can restart it.

NOTE: Since you say it is a virtual machine, make sure Ctrl-Alt-F2 has no meaning to whatever virtualization console you're on before you do it. (There may be a way to map it within the virtualization console itself.)
 
Old 11-18-2014, 04:47 PM   #5
stucker1
LQ Newbie
 
Registered: Nov 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
On the console it is just a command prompt. We don't use a gui.

Thanks.
 
Old 11-18-2014, 06:22 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,624

Rep: Reputation: 2651
There is a big difference in "su " and "su - "

su -
is a shortcut for
Code:
su -l root
 
Old 11-20-2014, 02:38 PM   #7
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Quote:
Originally Posted by John VV
There is a big difference in "su " and "su - "

su -
is a shortcut for
Code:
su -l root
Yep and I'd asked the OP to verify if his issue was just "su" or "su -" suspecting it might be the latter and if so something in the profiles that is blocking. The original post seems to indicate the opposite however (i.e. he is just doing "su" and not "su -".)

Of course if that's the case it might be worthwhile to type "alias" and verify there is no alias set up for "su", but I did also ask for verification that the "su" being invoked is the same as the ones on the other systems.
 
Old 11-25-2014, 08:43 AM   #8
stucker1
LQ Newbie
 
Registered: Nov 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
I am happy to say our issue is resolved. With help from Red Hat support I discovered an errant line in /etc/pam.d/system-auth. Somehow making changes to the file added a line that looked like part of the previous line. That line caused all of our problems.

Thanks to all who responded.
 
1 members found this post helpful.
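
A stray line like the one described in the post above can be caught mechanically. The following is an added example, not part of the thread or of Red Hat's fix: a shell function (`pam_lint`, a hypothetical name) that flags entries in a PAM file that do not parse as "type control module [args]". The sample file is constructed, since the thread never shows the actual errant line.

```shell
#!/bin/sh
# Added example, not from the thread. The sample below is constructed.

# pam_lint FILE: print "FILE:LINE: text" for each entry that is not a comment,
# a blank line, or a well-formed "type control module [args]" rule.
# Returns 1 if anything was flagged, 0 otherwise.
pam_lint() {
    awk '
    BEGIN {
        type = "^-?(auth|account|password|session)$"
        ctrl = "^(required|requisite|sufficient|optional|include|substack)$"
    }
    # A trailing backslash legitimately continues a rule on the next line.
    cont { cont = ($0 ~ /\\$/); next }
    NF == 0 || $1 ~ /^#/ { next }
    {
        cont = ($0 ~ /\\$/)
        ok = ($1 ~ type) && ($2 ~ ctrl || $2 ~ /^\[/) && (NF >= 3)
        if ($1 == "@include" && NF == 2) ok = 1   # Debian-style include
        if (!ok) { print FILENAME ":" FNR ": " $0; bad++ }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# write_sample FILE: constructed system-auth fragment in which a module
# argument has wrapped onto its own line (line 4).
write_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok
try_first_pass
session     optional      pam_keyinit.so revoke
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet
session     required      pam_unix.so
EOF
}

sample=$(mktemp)
write_sample "$sample"
pam_lint "$sample" || echo "malformed PAM entries found" >&2
rm -f "$sample"
```

Running `pam_lint /etc/pam.d/system-auth` on the affected server and on a working one gives a quick first comparison before diffing the files by hand.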
Old 11-25-2014, 02:55 PM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Glad you got it fixed. Please mark the thread as solved so that others having similar issues in the future can more quickly find threads with solutions.
 
  

