Solved

Suse 9.1 Pro su password stopped working

Posted on 2004-10-19
7
680 Views
Last Modified: 2008-02-01
Just installed the system and su password worked the first few times and then just stopped working.  I can login as root and password works, but su password doesn't work under another user.

This has occurred on two different systems and both are 9.1 Pro.  Any ideas how I can fix this - I'm relatively new to linux.

I appreciate the help.
0
Comment
Question by:neundorf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:de2Zotjes
ID: 12361259
su password ? I don't quite understand why you would do that. you normally type "su" or "su -" and then you are prompted for the root password.
The second argument to su is the username you want to become.
0
 

Author Comment

by:neundorf
ID: 12361863
Thanks for responding - I did not explain myself very well.  The root password does not work when entering the root password after 'su' in a terminal window.  I get a 'incorrect password' message.  I can log into root with the same password without any issues.

The problem is trying to get 'su' to work in terminal window when logged in as another user - the rott password under 'su' doesn't work.

It isn't the sticky bit causing the problem either.  It's not a keyboard issue either.  The password is being typed correctly.

I'm stumped so far.
0
 
LVL 2

Expert Comment

by:mmartha
ID: 12362045
In FreeBSD you must add the users to the "wheel" group in order to allow them to access the su function (they can execute it, but doesn't recognize them as root even if they input the correct password)... even though Linux != FreeBSD... just a thought :P hehe sorry if I'm disturbing here :S


MMarts
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 6

Expert Comment

by:de2Zotjes
ID: 12362182
su uses pam to hanble passwords and stuff. Check the file /etc/pam.d/su for weirdness.

I am not running any suse machines so I do not have a sample of a suse box but on my Gentoo it reads as follows: (users in group wheel can su from any terminal)

auth       sufficient   /lib/security/pam_rootok.so
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so
0
 
LVL 2

Expert Comment

by:ITG-SSNA
ID: 12364436
Is the sticky bit set on SU?

[root@charlene log]# ls -lF /bin/su
-rwsr-xr-x    1 root     root        19132 Oct 19  2004 /bin/su*

The 's' in the permissions is for the sticky bit. This means that the command is run with the privileges from the user owning the command, not the privileges of the user executing the command. Change the settings of the sticky bit with chmod.

0
 
LVL 6

Accepted Solution

by:
de2Zotjes earned 500 total points
ID: 12367342
Please refer to the setuid-bit as the setuid-bit. The sticky bit is an entirely different beast and its function is not related to changing userid's.

But even worse, the guy who asked the question allready said that it isn't the "sticky" bit. Read the comments first...
0
 
LVL 2

Expert Comment

by:ITG-SSNA
ID: 12371977
Touchy! Why are you worried so much about me instead of him?

Regardless, it's what fixed my problem like this in the past, if that's not the problem, then you likely have one of a few things.
You aren't in the SU ables file, you can modify the user account properties with some of the onboard tools, and set to allow SU. There is also a config file called 'suable' in some cases.

Please post the output of this command if you haven't fixed it yet:

tail -f /var/log/messages

Then in another terminal window try to su, and watch the logs.

Thanks

~KB
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Fine Tune your automatic Updates for Ubuntu / Debian
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question