LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-02-2011, 08:38 AM   #1
iamotor
LQ Newbie
 
Registered: Jan 2011
Posts: 4

Rep: Reputation: 0
Pam_start error 26


Hi there,

I have a problem when I want to use su I get this error:

Code:
su: pam_start: error 26
I have googled it so I found this topic (http://www.linuxquestions.org/questi...r-26-a-615024/) but it didn't really help me. There was a reply on that topic and his question was what the output of this was:

Code:
ldd /usr/bin/passwd
and

Code:
ls -l /lib/libpam.*
The output of that command is:
Code:
vc:/home/itopia# ldd /usr/bin/passwd
        linux-gate.so.1 =>  (0xb778d000)
        libpam.so.0 => /lib/libpam.so.0 (0xb777c000)
        libpam_misc.so.0 => /lib/libpam_misc.so.0 (0xb7779000)
        libselinux.so.1 => /lib/libselinux.so.1 (0xb775f000)
        libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7604000)
        libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7600000)
        /lib/ld-linux.so.2 (0xb778e000)
and

Code:
lrwxrwxrwx 1 root root    17 2010-12-16 14:22 /lib/libpam.so.0 -> libpam.so.0.81.12
-rwxr-xr-x 1 root root 40440 2009-03-18 01:03 /lib/libpam.so.0.81.12
I also read that the permission can be wrong with this kind of an error. So this are the permission of the /etc/pam.d directory:
Code:
drw-r--r--  2 root root 4096 2010-12-16 15:20 .
drwxr-x--x 68 root root 4096 2011-01-02 17:58 ..
-rw-r--r--  1 root root  384 2009-11-14 15:36 chfn
-rw-r--r--  1 root root  581 2009-11-14 15:36 chsh
-rw-r--r--  1 root root  392 2010-12-16 15:26 common-account
-rw-r--r--  1 root root  436 2010-12-16 15:26 common-auth
-rw-r--r--  1 root root 1212 2010-12-16 15:26 common-password
-rw-r--r--  1 root root  372 2010-12-16 15:26 common-session
-rw-r--r--  1 root root  289 2008-09-28 11:14 cron
-rw-r--r--  1 root root 3217 2009-11-14 15:36 login
-rw-r--r--  1 root root  520 2009-03-18 00:58 other
-rw-r--r--  1 root root   92 2009-11-14 15:36 passwd
-rw-r--r--  1 root root  370 2009-10-27 11:12 proftpd
-rw-r--r--  1 root root 1272 2008-02-08 01:29 sshd
-rw-r--r--  1 root root 2305 2009-11-14 15:36 su
-rw-r--r--  1 root root  119 2010-06-11 17:37 sudo
And this are the permissions of /usr/bin/ssh:
Code:
-rwxr-x--x  1 root root     332928 2009-01-14 01:40 ssh


I have no idea what to do. I can use sudo su and add an account to a group what's allowed to use sudo. But that is not secure enough.

Hope you guys can help me.

Wouter.

Last edited by iamotor; 01-02-2011 at 01:32 PM. Reason: Adding some additional information
 
Old 01-02-2011, 09:27 AM   #2
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,330

Rep: Reputation: 254Reputation: 254Reputation: 254
What's inside /etc/pam.d/su, maybe one rule is broken? When I get you right, it's just this command but not others, so something in su's rules is not working I would assume.

I don't get the idea of
Quote:
"But that is not secure enough."
you would prefer su instead of sudo? Why ahould it be more safe? Anyway, you can use pam_access to specify an additional list of allowed users to each command.
 
Old 01-02-2011, 01:23 PM   #3
iamotor
LQ Newbie
 
Registered: Jan 2011
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Reuti View Post
What's inside /etc/pam.d/su, maybe one rule is broken? When I get you right, it's just this command but not others, so something in su's rules is not working I would assume.

I don't get the idea of you would prefer su instead of sudo? Why ahould it be more safe? Anyway, you can use pam_access to specify an additional list of allowed users to each command.
If I use sudo su, then I have to type the password of the user that uses this command. The /etc/pam.d/su is:
Code:
#
# The PAM configuration file for the Shadow `su' service
#

# This allows root to su without passwords (normal operation)
auth       sufficient pam_rootok.so

# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth       required   pam_wheel.so

# Uncomment this if you want wheel members to be able to
# su without a password.
# auth       sufficient pam_wheel.so trust

# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth       required   pam_wheel.so deny group=nosu

# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account    requisite  pam_time.so

# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# 
# parsing /etc/environment needs "readenv=1"
session       required   pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session       required   pam_env.so readenv=1 envfile=/etc/default/locale

# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user 
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session    optional   pam_mail.so nopen

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session    required   pam_limits.so

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
 
Old 01-02-2011, 02:30 PM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,330

Rep: Reputation: 254Reputation: 254Reputation: 254
Quote:
Originally Posted by iamotor View Post
If I use sudo su, then I have to type the password of the user that uses this command.
This can be adjusted by a line in /etc/sudoers:

Code:
Defaults targetpw   # ask for the password of the target user i.e. root
(man sudoers).

Quote:
Originally Posted by iamotor View Post
The /etc/pam.d/su is:
Code:
@include common-auth
@include common-account
@include common-session
Is this syntax optional? There is a special rule to include other files like:

Code:
auth     include        common-auth
account  include        common-account
session  include        common-session
Do you have the @include also in other files in pam.d?
 
Old 01-02-2011, 02:30 PM   #5
iamotor
LQ Newbie
 
Registered: Jan 2011
Posts: 4

Original Poster
Rep: Reputation: 0
I have solved the problem. It was a wrong permission. This link helped me: http://www.webhostingtalk.com/archiv.../t-376683.html.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Google-Chrome Error (Error 9 (net::ERR_UNEXPECTED): Unknown error) smoooth103 Slackware 4 12-04-2010 07:42 PM
[SOLVED] php5 ./configure error: (FILENAME=- FNR=27) fatal error: internal error richinsc Linux - Software 2 07-08-2010 09:20 AM
Memory error: extended error chipkill ecc error rajivdp Linux - Hardware 1 12-07-2009 08:26 AM
Sendmail: eocket wedge , 504 error , dsn error, mail relay connection error djcs Debian 0 03-03-2009 12:41 AM
pam_start() failed, error 26 mvr707 Linux - Software 1 01-21-2008 01:22 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration