Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Running Red Hat Enterprise Linux 6.4. We have several servers. On one particular server we can't su to root. Enter password and get error: "could not open session".
I can su - (dash) to root just fine. On all of our other RHEL servers we can su to root just fine.
I have checked several forums and not found this specific problem.
Run "man -k securetty" and examine what you see there.
Do you have the pam_securetty enabled? Is the terminal you're doing the su from in /etc/securetty? Can you do the su if you're in a terminal session on the console but not from other terminal sessions (e.g. PuTTY) over network?
Have you verified the "su" you're running is the same as it is on the other systems (i.e. is there a wrapper script?)
From what you wrote it sounds like you're saying you have the issue on "su" and not "su -". If I have that backwards the issue may be something in the profiles (e.g. /etc/profile, $HOME/.bashrc, $HOME/.bash_profile) that root is invoking on launch that is doing it based on some test.
Make sure you compare findings on each of the above points to the systems where it is working.
Thanks for the response. Let me see if I can answer your questions:
man -k securetty looks the same for all servers.
I am sure we have PAM enabled. I did check securetty and they look the same, but also we have "auth required pam_securetty.so" remmed out in /etc/pam.d/remote, so does this mean that we aren't using securetty?
Another really interesting thing, from the console on the Linux server (it is on a virtual machine), I now cannot log in AT ALL, as any user. No matter what user I try to log in as, even root, I get error "permission denied". This obviously used to work-we had to log into the console to install set up IP and install telnet server so we can telnet to it from other boxes. I can still telnet to the server and login as any user so with my limited knowledge I don't know why I can't log in on the console any more.
I probably have something really messed up! Thanks for the help.
So from the console is it the GUI you can't login to or the command line? If you're at the GUI prompt hit "Ctrl-Alt-F2" to go to a command line terminal and see if login there fails. It may simply be your GUI console is hosed and if so you can restart it.
NOTE: Since you say it is a virtual make sure Ctrl-Alt-F2 has no meaning to whatever virtualization console you're on before you do it. (There may be a way to map it within the virtualization console itself.)
Yep and I'd asked the OP to verify if his issue was just "su" or "su -" suspecting it might be the latter and if so something in the profiles that is blocking. The original post seems to indicate the opposite however (i.e. he is just doing "su" and not "su -".)
Of course if that's the case it might be worthwhile to type "alias" and verify there is no alias setup for "su" but I did also ask for verification that the "su" being invoked is the same as the ones on the other systems.
I am happy to say our issue is resolved. With help from Red Hat support I discovered an errant line in /etc/pam.d/system-auth. Somehow making changes to the file added a line that looked like part of the previous line. That line caused all of our problems.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.