Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
solution to 'Can't su to root (Authentication failure)'?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
strathmeyer
n00b
n00b


Joined: 14 Apr 2005
Posts: 28

PostPosted: Thu May 19, 2005 3:44 pm    Post subject: solution to 'Can't su to root (Authentication failure)'? Reply with quote

https://forums.gentoo.org/viewtopic-t-11126.html
https://forums.gentoo.org/viewtopic-t-13934.html
https://forums.gentoo.org/viewtopic-t-15998.html


So, there's a lot of threads about people not being able to su to root from a normal user. It seems that there's actually a lot of things that can cause this one problem. I was having this problem, and I think I found a solution. Every time I tried to su, I would get 'Authentication failure' before I was even prompted for a password. My user is in the wheel group, and permissions on su are correct. =

In login.defs, I can set SU_WHEEL_ONLY to no and log in fine. The comments above it caught my eye, however:

# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts. If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.

It seems like there's a mixture of standards here between wheel and root. On some types of systems, there is no root group, just wheel. It seems that the above comments are refereing to such a system, except using the root group instead of wheel. (Since having normal users with the same group as root is just weird.)

Also, it's just weird that it refers to uid 0. So all I did is switch the uids for root and wheel (0 and 10 on my system), and everything seems to work like expected.

Will this break anything? I know it changes all of the files that are normally root:root to be root:wheel, but that seems like something I can live with.

Has an actual cause/solution to this problem been discovered?
Back to top
View user's profile Send private message
moocha
Watchman
Watchman


Joined: 21 Oct 2003
Posts: 5722

PostPosted: Thu May 19, 2005 3:51 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

strathmeyer wrote:
In login.defs, I can set SU_WHEEL_ONLY to no and log in fine.
That's because that setting is cheerfully and completely ignored if the system is using PAM. It applies only to systems using the shadow suite but not PAM.
strathmeyer wrote:
The comments above it caught my eye, however:

# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts. If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.

It seems like there's a mixture of standards here between wheel and root.
No, there isn't. The wheel group is there just for the su command. The root group is global.
strathmeyer wrote:
On some types of systems, there is no root group, just wheel.
Those systems should be taken outside and shot, then.
strathmeyer wrote:
It seems that the above comments are refereing to such a system,
No.
strathmeyer wrote:
except using the root group instead of wheel.
No.
strathmeyer wrote:
(Since having normal users with the same group as root is just weird.)
No, it isn't. There are legitimate scenarios where a normal user would be a member of the root group (selective access to log files, for example).
strathmeyer wrote:
Also, it's just weird that it refers to uid 0.
No, it's not.
strathmeyer wrote:
So all I did is switch the uids for root and wheel (0 and 10 on my system),
DO NOT DO THAT, EVER!
strathmeyer wrote:
and everything seems to work like expected.
Keyword "seems".
strathmeyer wrote:
Will this break anything?
Yes, it will break a whole bunch of stuff, since most configure scripts chown to username instead of UID. It's a horrible, horrible thing to do!
strathmeyer wrote:
I know it changes all of the files that are normally root:root to be root:wheel, but that seems like something I can live with.
You will have to live with a lot of mysterious breakage later.
strathmeyer wrote:
Has an actual cause/solution to this problem been discovered?
Yes, the cause is not reading the manuals. The group wheel is used by su and by the pam_wheel.so PAM module. It's that easy.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
Back to top
View user's profile Send private message
strathmeyer
n00b
n00b


Joined: 14 Apr 2005
Posts: 28

PostPosted: Thu May 19, 2005 4:34 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

moocha wrote:
strathmeyer wrote:
Has an actual cause/solution to this problem been discovered?
Yes, the cause is not reading the manuals. The group wheel is used by su and by the pam_wheel.so PAM module. It's that easy.


Well, now you're just trolling. The cause is somewhere in Gentoo, not in me. And you're not offereing a solution, just flames and unsupported speculation.
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Thu May 19, 2005 5:03 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

strathmeyer wrote:
Well, now you're just trolling.

8O You just call one of the most experienced posters here a troll? Just because you don't like the implications of his respons.

Quote:
The cause is somewhere in Gentoo, not in me. And you're not offereing a solution, just flames and unsupported speculation.
Ah, well if you know what the problem is then you must know how to fix it. So why bother with creating this thread then? Good luck with your "solution".
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
moocha
Watchman
Watchman


Joined: 21 Oct 2003
Posts: 5722

PostPosted: Thu May 19, 2005 5:06 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

strathmeyer wrote:
moocha wrote:
strathmeyer wrote:
Has an actual cause/solution to this problem been discovered?
Yes, the cause is not reading the manuals. The group wheel is used by su and by the pam_wheel.so PAM module. It's that easy.


Well, now you're just trolling.
Wrong.
strathmeyer wrote:
The cause is somewhere in Gentoo, not in me.
Wrong.
strathmeyer wrote:
And you're not offereing a solution,
Wrong.
strathmeyer wrote:
just flames and unsupported speculation.

Wrong.
Let me reiterate: The manual pages and documentation for PAM, shadow, su, and login.defs offer you all that I outlined above, just scattered around instead of wrapped up nicely in one post like I did. In case you're unaware of how to read the manual pages I mentioned:
Code:
man 5 shadow
man 1 login
man login.defs
man pam
and refer to The Linux-PAM System Administrators' Guide and the kernel.org PAM pages.
Don't try to pass off your own ignorance or deliberate disinformation as someone else's trolling. You'll just make yourself look ridiculous.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
Back to top
View user's profile Send private message
strathmeyer
n00b
n00b


Joined: 14 Apr 2005
Posts: 28

PostPosted: Thu May 19, 2005 6:07 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

moocha wrote:

Let me reiterate: The manual pages and documentation for PAM, shadow, su, and login.defs offer you all that I outlined above, just scattered around instead of wrapped up nicely in one post like I did. In case you're unaware of how to read the manual pages I mentioned:
Code:
man 5 shadow
man 1 login
man login.defs
man pam
and refer to The Linux-PAM System Administrators' Guide and the kernel.org PAM pages.
Don't try to pass off your own ignorance or deliberate disinformation as someone else's trolling. You'll just make yourself look ridiculous.


I'm sorry that you seem to think writing 'Wrong' over and over is helpful. First of all, are you saying that I should be using PAM? This is very unclear.

I've read all the above man pages. The fact of the matter is this: I installed Gentoo, and I can't su to root from a normal user, and you claim it's a problem with me, and not with Gentoo? So, what have I done wrong, since Gentoo has done nothing wrong?

I'm asking for a solution and you're calling this ignorance and deliberate disinformation and generally flaming me? I'm sorry for trying to be helpful.
Back to top
View user's profile Send private message
strathmeyer
n00b
n00b


Joined: 14 Apr 2005
Posts: 28

PostPosted: Thu May 19, 2005 6:10 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

nixnut wrote:
Ah, well if you know what the problem is then you must know how to fix it. So why bother with creating this thread then? Good luck with your "solution".


I think I know what the problem is, and I think I know how to fix it. That's why I'm asking. If I'm in the wrong forum, than please tell me. And if I'm just feeding the trools, I'm sorry.
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Thu May 19, 2005 6:28 pm    Post subject: Reply with quote

Er, well. Let's do some info gathering then.
Is pam actually installed?
What does /etc/pam.d/su look like?
What is in /etc/suauth?
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
moocha
Watchman
Watchman


Joined: 21 Oct 2003
Posts: 5722

PostPosted: Thu May 19, 2005 6:37 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

strathmeyer wrote:
I'm sorry that you seem to think writing 'Wrong' over and over is helpful.
Feel sorry all you want. Truth is always helpful.
strathmeyer wrote:
First of all, are you saying that I should be using PAM? This is very unclear.
No. I'm trying to prevent new or less experienced Gentoo users to follow the indications from your original post and bork their system.
strathmeyer wrote:
I've read all the above man pages.
Then you know how to solve it. Problem solved. Why are we holding this conversation then?
strathmeyer wrote:
The fact of the matter is this: I installed Gentoo, and I can't su to root from a normal user, and you claim it's a problem with me, and not with Gentoo?
Yes.
strathmeyer wrote:
So, what have I done wrong, since Gentoo has done nothing wrong?
Most probably (highly probably, I'd say) the usual: You didn't follow the manual.
strathmeyer wrote:
I'm asking for a solution and you're calling this ignorance and deliberate disinformation
No. You didn't ask for a solution, you posed as if you had one for a global problem, and offered some at the very least questionable "tips" that would badly bork the systems of new users after they would follow them and then emerge anything in the system metapackage.
strathmeyer wrote:
and generally flaming me?
The only person that flamed is you. Did I namecall or did I insult? Didn't think so.
strathmeyer wrote:
I'm sorry for trying to be helpful.
Don't be, you weren't.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Thu May 19, 2005 6:49 pm    Post subject: Re: solution to 'Can't su to root (Authentication failure)'? Reply with quote

moocha wrote:
strathmeyer wrote:
I'm sorry that you seem to think writing 'Wrong' over and over is helpful.
Feel sorry all you want. Truth is always helpful.
strathmeyer wrote:
First of all, are you saying that I should be using PAM? This is very unclear.
No. I'm trying to prevent new or less experienced Gentoo users to follow the indications from your original post and bork their system.
strathmeyer wrote:
I've read all the above man pages.
Then you know how to solve it. Problem solved. Why are we holding this conversation then?
strathmeyer wrote:
The fact of the matter is this: I installed Gentoo, and I can't su to root from a normal user, and you claim it's a problem with me, and not with Gentoo?
Yes.
strathmeyer wrote:
So, what have I done wrong, since Gentoo has done nothing wrong?
Most probably (highly probably, I'd say) the usual: You didn't follow the manual.
strathmeyer wrote:
I'm asking for a solution and you're calling this ignorance and deliberate disinformation
No. You didn't ask for a solution, you posed as if you had one for a global problem, and offered some at the very least questionable "tips" that would badly bork the systems of new users after they would follow them and then emerge anything in the system metapackage.
strathmeyer wrote:
and generally flaming me?
The only person that flamed is you. Did I namecall or did I insult? Didn't think so.
strathmeyer wrote:
I'm sorry for trying to be helpful.
Don't be, you weren't.


Er, right. Well, since the both of you have made your points clear on this, can we now stop the how-close-can-we-get-to-a-flaming-contest-without-name-calling contest please and get back to the actual problem and/or misunderstanding of the things involved?
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
moocha
Watchman
Watchman


Joined: 21 Oct 2003
Posts: 5722

PostPosted: Thu May 19, 2005 7:17 pm    Post subject: Reply with quote

*locates closest cold water outlet*
Ahem, sorry. You're of course right, I apologize.


EDIT: Since this appears "unresolved" I'm going to defer to the FAQ entry regarding 'su'. --pjp
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum