Cannot "su" in the terminal

joshtt · 09-20-2005, 06:28 AM

Hi there!

I'm using Mdk 10.0 and I cannot "su" when I'm logged in as a user of the wheel group.
I want to stay at level 4 (server), but also want to be able to su to root from any user.
Right now I get the message: Incorrect password. And I'm sure the pass is correct, since I can login as root from the login menu.

This is my level.4 file:

accept_bogus_error_responses no
accept_broadcasted_icmp_echo no
accept_icmp_echo no
allow_autologin no
allow_issues LOCAL
allow_reboot no
allow_remote_root_login without_password
allow_root_login yes
allow_user_list no
allow_x_connections NONE
allow_xserver_to_listen no
authorize_services LOCAL
enable_at_crontab no
enable_console_log yes
enable_dns_spoofing_protection yes
enable_ip_spoofing_protection yes
enable_log_strange_packets yes
enable_msec_cron yes
enable_pam_wheel_for_su yes
enable_password yes
enable_promisc_check yes
enable_security_check yes
enable_sulogin yes
password_aging 60 30
password_history 0
password_length 6 1 1
set_root_umask 022
set_secure_level 4
set_security_conf CHECK_OPEN_PORT yes
set_security_conf CHECK_PASSWD yes
set_security_conf CHECK_PERMS yes
set_security_conf CHECK_PROMISC yes
set_security_conf CHECK_SECURITY yes
set_security_conf CHECK_SGID yes
set_security_conf CHECK_SHADOW yes
set_security_conf CHECK_SUID_MD5 yes
set_security_conf CHECK_SUID_ROOT yes
set_security_conf CHECK_UNOWNED yes
set_security_conf CHECK_WRITABLE yes
set_security_conf CHKROOTKIT_CHECK yes
set_security_conf MAIL_EMPTY_CONTENT yes
set_security_conf MAIL_WARN yes
set_security_conf RPM_CHECK yes
set_security_conf SYSLOG_WARN yes
set_security_conf TTY_WARN yes
set_shell_history_size 10
set_shell_timeout 3600
set_user_umask 077

And this is my level.local file:

enable_pam_wheel_for_su (yes)
allow_root_login (yes)
enable_at_crontab (yes)

Oh yeah, when I use tcsh, no command is recognized anymore. Using bash, everything works ....

Any help to get su working again is very much appreciated!!!

And I admit I played a little with this msec thingy .... shouldn't have done that ...

Josh (noob)

Matir · 09-20-2005, 07:57 AM

Is your user part of the group "wheel"?

joshtt · 09-22-2005, 07:31 AM

Sorry for the late reply.... but yes indeed. The user belongs to the wheel group.

somarasa · 09-22-2005, 02:41 PM

$ su -l root

joshtt · 10-13-2005, 09:34 AM

Quote:

Originally posted by somarasa
$ su -l root

Doesn't work either. I'm gonna reinstall the whole thing next week.... I'm a bit tired of it now ....