Solved

Cannot su root!

Posted on 2007-03-26
8
853 Views
Last Modified: 2013-12-04
I had another question/problem posted earlier after I accidentally did chmod -R 660 / instead of for the one directory I was dealing with.

What I ended up doing was using getacl on a clean installation and setacl back on the original box. This seems to have cleared up some problems but now I have at least one new one:

I cannot su to root! I get = incorrect password. The password is correct b/c I can login as root with it. Here is what I have done so far:

a) userdel -r myuser

b) useradd myuser

c) googled around and saw add user to wheel and root

d) still cannot!


Thanks for any help!

0
Comment
Question by:techwhore
8 Comments
 
LVL 12

Expert Comment

by:ibu1
Comment Utility
Try su -
0
 
LVL 9

Expert Comment

by:kfullarton
Comment Utility
It probably has something to do with /etc/pam.d/su.  Depending on what is configured there will determine what's required for an account to be able to su.
0
 
LVL 4

Expert Comment

by:mjutras
Comment Utility
You should use sudo <command> instead of su because its more secure but if you need to log as root check that your distrib allow you! kubuntu generally doesnt allow su but you can fix it with those following commands:

sudo su -
passwd
0
 

Author Comment

by:techwhore
Comment Utility
No luck with su - either!

I got "Sorry, sudo must be setuid root" I googled this error and fixed it by chmod 4111 on sudo and that got rid of the error but cannot su - still rejects root password.

Guys keep in mind this is a problem resulting from chmoding the whole system to 660 then trying to repair it with setacl with a dump from a clean system.... obviously I screwed something up with permissions. Could su root before no problem. Thanks!


0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 9

Expert Comment

by:kfullarton
Comment Utility
What distribution is this?  On RedHat and the like, check permissions on /etc/pam.d/su, should be 644......can you also post the contents here?
0
 

Author Comment

by:techwhore
Comment Utility
So digging a bit deeper I see that SUID/SGID have been replaced by my setacl... Does anyone have a suggestion how I can set these back to the way they should be? Thanks!
0
 
LVL 11

Expert Comment

by:kblack05
Comment Utility
Also check the contents of the file /etc/sudoers:

[root@server1 ~]# cat /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

[root@server1 ~]#


Be sure that users and root are in there which need access.
0
 
LVL 1

Accepted Solution

by:
crovaxy earned 500 total points
Comment Utility
Is /bin/su with 4755 permissions? (or 4111).
/bin/su does not complain about the setuid bit as sudo does. try fixing it with: chmod 4755 /bin/su
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now