Gentoo Forums
Su broke, blast!!! [SOLVED]
BioSLuDge
Tux's lil' helper


Joined: 12 Jul 2004
Posts: 99
Location: Utah

Posted: Sat Jul 16, 2005 6:10 am    Post subject: Su broke, blast!!! [SOLVED]

Hey, I tried something that was not in portage before really checking it out (yeah, stupid me). I installed pwdutils to help with adding LDAP users. Well, for starters it messed with a lot of my /etc/pam.d files. After fixing all of this and trying for about a day, I still couldn't get a user added correctly with a default password so they could log in or even change their password. So I uninstalled the blasted thing and did an emerge shadow pam pam-login (I dunno if I should have done the pam-login) to fix the damage it did; I was missing useradd and a few other utils. Everything was all better except su. At the start, I couldn't su to root from a user in wheel or su from root to a user. I found the handy su FAQ and followed that; it didn't fix su'ing up to root, but I can su from root to another user.

Keep in mind, su worked like a peach before all of this.

error

Code:

bleh@three_mile_island ~ $ su
Password:
su: Authentication failure
Sorry.


Because I know it will be asked.

/etc/pam.d/su

Code:

#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth       required     /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     /lib/security/pam_wheel.so use_uid

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so


groups, run as the user I'm trying to su from.

Code:

wheel floppy audio cdrom video games cdrw apache usb users portage family media


ls -l /bin/su

Code:

-rwsr-xr-x  1 root root 32540 Jul 15 16:49 /bin/su


If I missed anything let me know, or if you have any ideas.

Oh yeah, and I am using the root password when I try to su as this other user.

Thank you for your time.

-BioSLuDge


Last edited by BioSLuDge on Sun Jul 17, 2005 6:05 am; edited 1 time in total
ikaro
Advocate


Joined: 14 Jul 2003
Posts: 2526
Location: Denmark

Posted: Sat Jul 16, 2005 6:38 am    Post subject:

Well, I can give you a fix - which doesn't need to have PAM installed (I don't use PAM)

create this:
/etc/suauth
Code:

root:ALL EXCEPT GROUP wheel:DENY


edit this:
/etc/login.defs
Code:

SU_WHEEL_ONLY   no


logout and login again - su :)
_________________
linux: #232767
varpath
n00b


Joined: 02 Feb 2005
Posts: 18

Posted: Sat Jul 16, 2005 6:40 am    Post subject:

Hi there,

It would appear that I'm having the same prob as you.

As root, I too am able to su to a normal user (in wheel), but upon changing to a normal user, I can't su back to root.

Also, I notice that the normal user can't change his own passwd..
Weird..

Here's a log of what I tried to do..
Code:

/etc/pam.d$whoami
deviant
/etc/pam.d$groups
wheel audio cdrom users portage
/etc/pam.d$passwd
passwd: Authentication token manipulation error
/etc/pam.d$su
Password:
su: Authentication failure
Sorry.
/etc/pam.d$ls -l `which su`
-rwxr-xr-x  1 root root 21732 Mar 12 03:22 /bin/su


ikaro wrote:
Well, I can give you a fix - which doesn't need to have PAM installed (I don't use PAM)

Thanks ikaro, but your fix doesn't work on my box..
BioSLuDge
Tux's lil' helper


Joined: 12 Jul 2004
Posts: 99
Location: Utah

Posted: Sun Jul 17, 2005 4:57 am    Post subject:

ikaro wrote:
Well, I can give you a fix - which doesn't need to have PAM installed (I don't use PAM)

create this:
/etc/suauth
Code:

root:ALL EXCEPT GROUP wheel:DENY


edit this:
/etc/login.defs
Code:

SU_WHEEL_ONLY   no


logout and login again - su :)


I tried that too; it was in the FAQ, except I used ALL:ALL, but I tried root:ALL and nothing worked.


varpath: the program that I used overwrote /etc/pam.d/passwd

Make sure that file reads the following:

Code:

#%PAM-1.0

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth


maybe that will help you.

Thanks for everyone's time.
-BioSLuDge
BioSLuDge
Tux's lil' helper


Joined: 12 Jul 2004
Posts: 99
Location: Utah

Posted: Sun Jul 17, 2005 6:04 am    Post subject:

Ok maybe this was a little rash, I know that my /etc/pam.d/passwd and my /etc/pam.d/su are correct. But I went crazy and downloaded a stage3 tarball and extracted it. Then I deleted my current /etc/pam.d and moved the pam.d from the stage3 tarball over to the pam.d on my gentoo system and everything worked again just fine.

Thanks everyone anyway.
-BioSLuDge
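
Added example (not part of any post in this thread, and not Gentoo's own tooling): a shell check for the two things the posts inspect by hand, the PAM stack behind su and the setuid bit in the ls -l listing. It assumes the layout shown in the posts (absolute module paths, pam_stack.so service=... includes); pam_walk, is_setuid_mode and the demo tree, in which pam_wheel.so and system-auth are deliberately absent, are constructed for illustration.

```sh
#!/bin/sh
# Added example: report what a PAM service stack references but lacks on disk.

# pam_walk SERVICE PAMDIR ROOT [DEPTH]: one finding per line on stdout.
# ROOT is prefixed to module paths so an extracted tree can be checked;
# pass "" for the live system.
pam_walk() {
    svc=$1; dir=$2; root=$3; depth=${4:-0}
    [ -f "$dir/$svc" ] || { echo "MISSING-SERVICE $svc"; return 0; }
    [ "$depth" -lt 8 ] || { echo "TOO-DEEP $svc"; return 0; }
    while read -r type control module args; do
        case $type in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ -e "$root$module" ] || echo "MISSING-MODULE $svc: $module"
        case $module in */pam_stack.so)
            for a in $args; do
                case $a in service=*)
                    # subshell keeps this level's variables intact
                    ( pam_walk "${a#service=}" "$dir" "$root" $((depth + 1)) ) ;;
                esac
            done ;;
        esac
    done < "$dir/$svc"
}

# is_setuid_mode MODE: true if an `ls -l` mode string carries the setuid bit.
is_setuid_mode() {
    case $1 in ???[sS]*) return 0 ;; *) return 1 ;; esac
}

# Constructed demo tree: pam_wheel.so and system-auth are deliberately absent.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/etc/pam.d" "$demo/lib/security"
touch "$demo/lib/security/pam_rootok.so" "$demo/lib/security/pam_stack.so"
cat > "$demo/etc/pam.d/su" <<'EOF'
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_stack.so service=system-auth
EOF
pam_walk su "$demo/etc/pam.d" "$demo"
# The two mode strings posted in the thread for /bin/su:
for m in -rwsr-xr-x -rwxr-xr-x; do
    is_setuid_mode "$m" && printf '%s setuid\n' "$m" \
                        || printf '%s NOT setuid\n' "$m"
done
```

Against the live system the call is pam_walk su /etc/pam.d "". Of the two listings posted in the thread, -rwsr-xr-x carries the setuid bit and -rwxr-xr-x does not; su has to be setuid root to switch a non-root caller to root.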
Maedhros
Bodhisattva


Joined: 14 Apr 2004
Posts: 5511
Location: Durham, UK

Posted: Tue Aug 02, 2005 7:39 am    Post subject:

Moved from Other Things Gentoo to Duplicate Threads in favour of https://forums.gentoo.org/viewtopic-t-25206.html
_________________
No-one's more important than the earthworm.