• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 893
  • Last Modified:

Cannot su root!

I had another question/problem posted earlier after I accidentally did chmod -R 660 / instead of for the one directory I was dealing with.

What I ended up doing was using getacl on a clean installation and setacl back on the original box. This seems to have cleared up some problems but now I have at least one new one:

I cannot su to root! I get = incorrect password. The password is correct b/c I can login as root with it. Here is what I have done so far:

a) userdel -r myuser

b) useradd myuser

c) googled around and saw add user to wheel and root

d) still cannot!

Thanks for any help!

1 Solution
Try su -
It probably has something to do with /etc/pam.d/su.  Depending on what is configured there will determine what's required for an account to be able to su.
You should use sudo <command> instead of su because its more secure but if you need to log as root check that your distrib allow you! kubuntu generally doesnt allow su but you can fix it with those following commands:

sudo su -
Build your data science skills into a career

Are you ready to take your data science career to the next step, or break into data science? With Springboard’s Data Science Career Track, you’ll master data science topics, have personalized career guidance, weekly calls with a data science expert, and a job guarantee.

techwhoreAuthor Commented:
No luck with su - either!

I got "Sorry, sudo must be setuid root" I googled this error and fixed it by chmod 4111 on sudo and that got rid of the error but cannot su - still rejects root password.

Guys keep in mind this is a problem resulting from chmoding the whole system to 660 then trying to repair it with setacl with a dump from a clean system.... obviously I screwed something up with permissions. Could su root before no problem. Thanks!

What distribution is this?  On RedHat and the like, check permissions on /etc/pam.d/su, should be 644......can you also post the contents here?
techwhoreAuthor Commented:
So digging a bit deeper I see that SUID/SGID have been replaced by my setacl... Does anyone have a suggestion how I can set these back to the way they should be? Thanks!
Also check the contents of the file /etc/sudoers:

[root@server1 ~]# cat /etc/sudoers
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

[root@server1 ~]#

Be sure that users and root are in there which need access.
Is /bin/su with 4755 permissions? (or 4111).
/bin/su does not complain about the setuid bit as sudo does. try fixing it with: chmod 4755 /bin/su
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now