neundorf
asked on
Suse 9.1 Pro su password stopped working
Just installed the system and su password worked the first few times and then just stopped working. I can login as root and password works, but su password doesn't work under another user.
This has occurred on two different systems and both are 9.1 Pro. Any ideas how I can fix this - I'm relatively new to linux.
I appreciate the help.
This has occurred on two different systems and both are 9.1 Pro. Any ideas how I can fix this - I'm relatively new to linux.
I appreciate the help.
ASKER
Thanks for responding - I did not explain myself very well. The root password does not work when entering the root password after 'su' in a terminal window. I get a 'incorrect password' message. I can log into root with the same password without any issues.
The problem is trying to get 'su' to work in terminal window when logged in as another user - the rott password under 'su' doesn't work.
It isn't the sticky bit causing the problem either. It's not a keyboard issue either. The password is being typed correctly.
I'm stumped so far.
The problem is trying to get 'su' to work in terminal window when logged in as another user - the rott password under 'su' doesn't work.
It isn't the sticky bit causing the problem either. It's not a keyboard issue either. The password is being typed correctly.
I'm stumped so far.
In FreeBSD you must add the users to the "wheel" group in order to allow them to access the su function (they can execute it, but doesn't recognize them as root even if they input the correct password)... even though Linux != FreeBSD... just a thought :P hehe sorry if I'm disturbing here :S
MMarts
MMarts
su uses pam to hanble passwords and stuff. Check the file /etc/pam.d/su for weirdness.
I am not running any suse machines so I do not have a sample of a suse box but on my Gentoo it reads as follows: (users in group wheel can su from any terminal)
auth sufficient /lib/security/pam_rootok.s o
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so
I am not running any suse machines so I do not have a sample of a suse box but on my Gentoo it reads as follows: (users in group wheel can su from any terminal)
auth sufficient /lib/security/pam_rootok.s
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required /lib/security/pam_wheel.so
auth required /lib/security/pam_stack.so
account required /lib/security/pam_stack.so
password required /lib/security/pam_stack.so
session required /lib/security/pam_stack.so
session optional /lib/security/pam_xauth.so
Is the sticky bit set on SU?
[root@charlene log]# ls -lF /bin/su
-rwsr-xr-x 1 root root 19132 Oct 19 2004 /bin/su*
The 's' in the permissions is for the sticky bit. This means that the command is run with the privileges from the user owning the command, not the privileges of the user executing the command. Change the settings of the sticky bit with chmod.
[root@charlene log]# ls -lF /bin/su
-rwsr-xr-x 1 root root 19132 Oct 19 2004 /bin/su*
The 's' in the permissions is for the sticky bit. This means that the command is run with the privileges from the user owning the command, not the privileges of the user executing the command. Change the settings of the sticky bit with chmod.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Touchy! Why are you worried so much about me instead of him?
Regardless, it's what fixed my problem like this in the past, if that's not the problem, then you likely have one of a few things.
You aren't in the SU ables file, you can modify the user account properties with some of the onboard tools, and set to allow SU. There is also a config file called 'suable' in some cases.
Please post the output of this command if you haven't fixed it yet:
tail -f /var/log/messages
Then in another terminal window try to su, and watch the logs.
Thanks
~KB
Regardless, it's what fixed my problem like this in the past, if that's not the problem, then you likely have one of a few things.
You aren't in the SU ables file, you can modify the user account properties with some of the onboard tools, and set to allow SU. There is also a config file called 'suable' in some cases.
Please post the output of this command if you haven't fixed it yet:
tail -f /var/log/messages
Then in another terminal window try to su, and watch the logs.
Thanks
~KB
The second argument to su is the username you want to become.