LinuxQuestions.org


Metodej 09-01-2007 09:46 AM

Problem with su
 
Hello.
I have a problem. I installed Slackware 12.0 yesterday. It works fine except for one thing. I have a problem with su. I can log in as root and as a user fine. But when I log in as a user I cannot use su.
Code:

tom@metodej:/$ su
Password:
Sorry.

The password is correct but it still doesn't work. The user is in the wheel group and has rights to /bin/su...

Code:

cat securetty
# This file defines which devices root can log in on.

# These are the ttys on the physical console:
console
tty1
tty2
tty3
tty4
tty5
tty6

Does anybody have any idea?
Thanks..

thekid 09-01-2007 10:16 AM

Quote:

Originally Posted by Metodej (Post 2877782)
Hello.
I have a problem. I installed Slackware 12.0 yesterday. It works fine except for one thing. I have a problem with su. I can log in as root and as a user fine. But when I log in as a user I cannot use su.
Code:

tom@metodej:/$ su
Password:
Sorry.

The password is correct but it still doesn't work. The user is in the wheel group and has rights to /bin/su...

Code:

cat securetty
# This file defines which devices root can log in on.

# These are the ttys on the physical console:
console
tty1
tty2
tty3
tty4
tty5
tty6

Does anybody have any idea?
Thanks..

Stupid question, but whose password are you using when it asks you for su, user or root?

Metodej 09-01-2007 10:27 AM

Quote:

Originally Posted by thekid (Post 2877816)
Stupid question, but whose password are you using when it asks you for su, user or root?

root

???Stupid question?????

thekid 09-01-2007 10:40 AM

Quote:

Originally Posted by Metodej (Post 2877825)
root

???Stupid question?????

Sorry, mine was stupid, not yours. It's saying you are typing the password incorrectly, but if you can log in as root then I doubt it. Forgive me, I'm still a newb so don't know/remember all the file names and such, but perhaps su can't cross reference with the user/password files? Did you try:
Code:

su root

Maybe it's not recognizing that you're trying to go into root.

Road_map 09-01-2007 10:59 AM

If you decided to use the wheel group by adding your user name to it, please read http://alien.slackbook.org/dokuwiki/...id=linux:admin.

Metodej 09-01-2007 11:03 AM

Quote:

Originally Posted by thekid (Post 2877831)
Sorry, mine was stupid, not yours. It's saying you are typing the password incorrectly, but if you can log in as root then I doubt it. Forgive me, I'm still a newb so don't know/remember all the file names and such, but perhaps su can't cross reference with the user/password files? Did you try:
Code:

su root

Maybe it's not recognizing that you're trying to go into root.

No problem. No need to apologize. I am happy for each idea :)... Yes, I tried
Code:

su root
su -root
sudo...etc

Today I installed Slackware on a friend's PC and had no problem with su. I've compared the configuration. It seems the same. The password is correct. I tried a single letter as the password, but no effect.

pixellany 09-01-2007 11:09 AM

ctrl-alt-F1 for a terminal and make sure you can LOG IN as root. (not su)

Try changing the root password and then try su again.

rworkman 09-01-2007 11:04 PM

Show the output of
Code:

ls -l /bin/su

Mine looks like this:
Code:

$ ls -l /bin/su           
-rws--x--- 1 root wheel 36K 2007-06-19 01:59 /bin/su*

Note that it is suid. If /bin/su is not suid, it will execute just fine, but it will not allow any switching of users.

Also note that this is *not* the default permissions of /bin/su -- I have removed executable permissions from everyone but the root user and members of the wheel group. If that's what you're trying to do, then here's what you want:
Code:

# chown root:wheel /bin/su
# chmod 4710 /bin/su
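
An added example, not part of rworkman's post: a small shell check that classifies a su binary the way the post describes, for one non-root user. The function names `su_verdict` and `check_su` are hypothetical, and `check_su` assumes GNU `stat` and `id`.

```shell
#!/bin/sh
# Added example (not from the thread): classify a su binary for one non-root user.

# su_verdict MODE OWNER GROUP "USER_GROUPS"
#   MODE         octal mode as printed by GNU `stat -c %a`, e.g. 4710
#   OWNER GROUP  owner and group names of the binary
#   USER_GROUPS  space-separated group names, as printed by `id -Gn USER`
su_verdict() {
    mode=$1 owner=$2 group=$3 user_groups=$4
    m=$(( 0$mode ))                      # leading 0 makes the constant octal
    if [ $(( m & 04000 )) -eq 0 ]; then  # setuid bit missing: su cannot switch users
        echo no-setuid; return 0
    fi
    if [ "$owner" != root ]; then        # setuid, but not to root
        echo not-root-owned; return 0
    fi
    xbit=1                               # "other" execute bit by default
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then xbit=8; fi   # group execute bit (octal 010)
    done
    if [ $(( m & xbit )) -eq 0 ]; then   # user is not allowed to run the binary
        echo exec-denied
    else
        echo ok
    fi
}

# check_su PATH USER: same verdict for a real file (needs GNU stat and id).
check_su() {
    read -r mode owner group <<EOF
$(stat -c '%a %U %G' "$1")
EOF
    su_verdict "$mode" "$owner" "$group" "$(id -Gn "$2")"
}
```

With mode 4710 and group wheel, a wheel member gets `ok` and anyone else gets `exec-denied`; `check_su /bin/su tom` runs the same test against the installed binary.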


Road_map 09-02-2007 04:53 AM

This is a very interesting thread.
The wheel group and its power normally belong to BSD (man su).

Of course we can use the wheel group in Slackware too, but it is not supported by default:

Code:

Why GNU su does not support the wheel group (by Richard Stallman)

      Sometimes a few of the users try to hold total power  over
      all  the  rest.  For example, in 1984, a few users at the
      MIT AI lab decided to seize power by changing the operator
      password  on  the Twenex system and keeping it secret from
      everyone else.  (I was able to thwart this coup  and  give
      power  back  to  the  users  by patching the kernel, but I
      wouldn't know how to do that in Unix.)

      However, occasionally the rulers do tell  someone.  Under
      the usual su mechanism, once someone learns the root pass-
      word who sympathizes with the ordinary users, he can  tell
      the  rest.  The  "wheel  group"  feature  would make this
      impossible, and thus cement the power of the rulers.

      I'm on the side of the masses, not that of the rulers.  If
      you  are  used  to  supporting the bosses and sysadmins in
      whatever they do, you might  find  this  idea  strange  at
      first.

Ok, back to work. I modified the line below in /etc/login.defs
Code:

#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts.  If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
SU_WHEEL_ONLY  no

to
Code:

SU_WHEEL_ONLY  yes

Whether or not the user belongs to the wheel group, the answer is the same:
Code:

$ su
You are not authorized to su root

This will work if we follow rworkman's way.

But if we turn to pure BSD style and create the /etc/suauth file (without chown & chmod)
Code:

#
# /etc/suauth file
#
# A couple of privileged usernames may
# su to root with their own password.
#
# root:andrew,thomas:OWNPASS
#
# Anyone else may not su to root unless in
# group wheel. This is how BSD does things.
#
root:ALL EXCEPT GROUP wheel:DENY
#
# Perhaps andrew and thomas are accounts
# owned by the same person.
# Access can be arranged between them
# with no password.
#
# andrew:thomas:NOPASS
#

then a user can su only if he belongs to the wheel group. If he doesn't, the answer is:
Code:

$ su
Access to su to that account DENIED.
You are not authorized to su root

And my two cents: this is the right way for Slackware to use the wheel group.

@ OP

I don't know what modifications you made to your system, but this error message
Code:

$ su
Password:
Sorry.

is only for wrong root password.
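
An added example, not part of Road_map's post: a shell function that evaluates the SU_WHEEL_ONLY rule exactly as the login.defs comment quoted above states it (membership of the first gid 0 group, not of a group named wheel). The names `su_wheel_only` and `demo` are hypothetical, the sample files are constructed, and the su actually installed may implement the rule differently.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate the SU_WHEEL_ONLY rule as the
# login.defs comment states it. The installed su may behave differently.

# su_wheel_only LOGIN_DEFS GROUP_FILE USER
# prints: unrestricted | allowed | denied
su_wheel_only() {
    defs=$1 group_file=$2 user=$3
    # Last uncommented SU_WHEEL_ONLY value; a missing setting counts as "no".
    setting=$(awk '$1 == "SU_WHEEL_ONLY" { v = $2 } END { print v }' "$defs")
    if [ "$setting" != yes ]; then
        echo unrestricted; return 0
    fi
    # Member list of the first group whose gid field is 0.
    members=$(awk -F: '$3 == "0" { print $4; exit }' "$group_file")
    # Empty or missing group: nobody matches, so nobody may su to uid 0.
    case ",$members," in
        *",$user,"*) echo allowed ;;
        *)           echo denied ;;
    esac
}

# Constructed sample: a wheel group with gid 10 (as in a group line posted
# later in the thread) and an assumed root group with gid 0.
demo() {
    d=$(mktemp -d)
    printf 'SU_WHEEL_ONLY  yes\n' > "$d/login.defs"
    printf 'root::0:root\nwheel::10:root,keith\n' > "$d/group"
    su_wheel_only "$d/login.defs" "$d/group" keith
    rm -rf "$d"
}
```

`demo` prints `denied`: under the rule as commented, a user who is only in a wheel group with gid 10 does not pass, which matches the observation that wheel membership made no difference.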

Metodej 09-02-2007 05:40 AM

Quote:

Originally Posted by Road_map (Post 2877849)
If you decided to use the wheel group by adding your user name to it, please read http://alien.slackbook.org/dokuwiki/...id=linux:admin.

/etc/sudoers
Thanks for the URL. It was helpful. I forgot to uncomment one line in /etc/sudoers. And that was the problem.

Thanks to all for the help. :)

thekid 09-02-2007 11:39 AM

OK, well, I did something wrong, but I cannot for the life of me figure out what it is. This box is used only by me, but I wanted to screw around with the sudo stuff, so I followed all the advice here, and now I can't su, and only sudo certain commands, i.e. I cannot sudo vigr, but I can sudo vi /etc/group. Here is the output of the selected files:

Code:

keith@Unimatrix01:~$ ls -l /bin/su
-rws--x--- 1 root wheel 35868 2007-06-18 23:59 /bin/su*

In my console, the /bin/su* has a red box around it, not sure what that means.

Code:

keith@Unimatrix01:~$ cat /etc/group
wheel::10:root,keith

Code:

keith@Unimatrix01:~$ sudo cat /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
%wheel  ALL=(ALL)      ALL

# Same thing without a password
# %wheel        ALL=(ALL)      NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

Code:

keith@Unimatrix01:~$ su
You are not authorized to su root

Any help?

ahafeel 09-03-2007 01:47 PM

Quote:

Originally Posted by rworkman (Post 2878258)
Show the output of
Code:

ls -l /bin/su

Mine looks like this:
Code:

$ ls -l /bin/su           
-rws--x--- 1 root wheel 36K 2007-06-19 01:59 /bin/su*

Note that it is suid. If /bin/su is not suid, it will execute just fine, but it will not allow any switching of users.

Also note that this is *not* the default permissions of /bin/su -- I have removed executable permissions from everyone but the root user and members of the wheel group. If that's what you're trying to do, then here's what you want:
Code:

# chown root:wheel /bin/su
# chmod 4710 /bin/su


Hello everybody. This solution worked for me. Thanks rworkman.

thekid 09-04-2007 04:57 PM

Ok, I think I got it figured out. It's working correctly, I just had to set up the aliases so that I could type
Code:

sudo pkgtool

instead of
Code:

sudo /sbin/pkgtool

I still can't su, and now I cannot be lazy and do some admin stuff in KDE like I used to because it can't find su, but it's working for the most part.

Disillusionist 11-27-2007 02:35 AM

Quote:

Originally Posted by thekid (Post 2878734)
OK, well, I did something wrong, but I cannot for the life of me figure out what it is. This box is used only by me, but I wanted to screw around with the sudo stuff, so I followed all the advice here, and now I can't su, and only sudo certain commands, i.e. I cannot sudo vigr, but I can sudo vi /etc/group.

As you can run sudo vi you can shell out and change the permissions on /bin/su:

Code:

sudo vi /tmp/test
:!/bin/bash

Should be at a root prompt, then:
Code:

chmod 4711 /bin/su
exit

Should see "Press ENTER or type any command to continue"
Press Enter
then you should be back in vi session for /tmp/test
Code:

:q!

Now you should have /bin/su back for all users.

It's a little less work than rebooting into single user mode

Also raises the question of what commands you allow users to run via sudo...

