Solved

I can't su into root on my own box

Posted on 2008-10-14
Last Modified: 2013-12-06
I know the password is correct, but when I try to su into root, it won't work.
The user is in group wheel.

auth.log looks like this when I try to su:

Oct 14 14:24:51 genpn unix_chkpwd[22501]: check pass; user unknown
Oct 14 14:24:54 genpn unix_chkpwd[22502]: check pass; user unknown
Oct 14 14:24:54 genpn unix_chkpwd[22502]: password check failed for user (root)
Oct 14 14:24:54 genpn su[22500]: pam_unix(su:auth): authentication failure; logname=n1tsua uid=1000 euid=1000 tty=tty2 ruser=n1tsua rhost=  user=root
Oct 14 14:24:56 genpn su[22500]: pam_authenticate: Authentication failure
Oct 14 14:24:56 genpn su[22500]: FAILED su for root by n1tsua
Oct 14 14:24:56 genpn su[22500]: - tty2 n1tsua:root
0
Question by:austinemser
 
LVL 48

Expert Comment

by:Tintin
ID: 22718186
Is the root account locked?
Were you able to su to root previously?
Do you have a 'root' group on your system and if so, is your user in it?
0
 

Author Comment

by:austinemser
ID: 22718222
I have a root group, and no, my user isn't in it because I don't want that user to be root; I just want to su into root as the user.

I have a wheel group, which the user is in,

and I can log into root, just not through other users, so I don't think it's locked.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 22718245
Is this on Debian?  I've seen a few references to a bug in lib-pam modules.
0

Author Comment

by:austinemser
ID: 22718256
Gentoo using the hardened kernel
0
 
LVL 48

Accepted Solution

by:
Tintin earned 250 total points
ID: 22718258
Sorry, didn't see the Gentoo tags in your post.

Check the perms on

/sbin/unix_chkpwd
/etc/shadow
0
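The permission check suggested in the accepted answer, as an added example that is not part of the original thread. su is normally installed setuid root, and the pam_unix line in the question logs euid=1000, so the example also checks su itself and extracts that field. The function names and the default paths (/bin/su, /sbin/unix_chkpwd, /etc/shadow) are assumptions; pass your distribution's paths as arguments.

```shell
#!/bin/sh
# Added example (not from the thread). Default paths are assumptions.

# Print the euid= field of a pam_unix auth.log line (empty if absent).
euid_from_log() {
    printf '%s\n' "$1" | sed -n 's/.* euid=\([0-9][0-9]*\).*/\1/p'
}

# A setuid helper must be owned by the expected user AND carry the setuid bit.
check_suid() {    # usage: check_suid FILE [OWNER name or numeric uid]
    f=$1 owner=${2:-root}
    if [ ! -e "$f" ]; then echo "missing"
    elif [ -z "$(find "$f" -prune -user "$owner")" ]; then echo "not owned by $owner"
    elif [ ! -u "$f" ]; then echo "no setuid bit"
    else echo "ok"; fi
}

# The shadow file must not be readable by "other".
check_shadow() {  # usage: check_shadow FILE
    if [ ! -e "$1" ]; then echo "missing"
    elif [ -n "$(find "$1" -prune -perm -0004)" ]; then echo "world-readable"
    else echo "ok"; fi
}

# Report on the files named in the thread (override paths via arguments).
su_triage() {     # usage: su_triage [SU] [CHKPWD] [SHADOW]
    echo "su:          $(check_suid "${1:-/bin/su}")"
    echo "unix_chkpwd: $(check_suid "${2:-/sbin/unix_chkpwd}")"
    echo "shadow:      $(check_shadow "${3:-/etc/shadow}")"
}

# Constructed sample: the pam_unix line quoted in the question.
line='Oct 14 14:24:54 genpn su[22500]: pam_unix(su:auth): authentication failure; logname=n1tsua uid=1000 euid=1000 tty=tty2 ruser=n1tsua rhost=  user=root'
echo "euid seen by pam_unix: $(euid_from_log "$line")"
su_triage "$@"
```

A file that reports "ok" here can still be ineffective if its filesystem is mounted nosuid, which this script does not check.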
 
LVL 12

Expert Comment

by:ibu1
ID: 22718282
vi /etc/ssh/sshd_config

PermitRootLogin yes

May need to restart ssh.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 22718288
ssh has nothing to do with being able to su to root.
0
 
LVL 12

Expert Comment

by:ibu1
ID: 22718300
0
 

Author Comment

by:austinemser
ID: 22718380
ssh has PermitRootLogin, and that shouldn't stop me from su'ing while in ssh
0
 

Author Comment

by:austinemser
ID: 22718389
-rw------- /etc/shadow
-rws--x--x /etc/sbin/unix_chkpwd
0
 
LVL 48

Expert Comment

by:Tintin
ID: 22718619
I'm not 100% sure if the perms for /etc/shadow are correct for Gentoo systems (don't have one I can reference).  I think older versions had group of 'shadow' and perms of 640.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 250 total points
ID: 22759096
-rw-------
is correct for shadow - do not change that.


I had a similar problem on a machine where it had lots of failed su's and had locked out the user in the pam accounting area.

Normally this is not done for 'root' but the hardened version may do it.

Try
pam_tally --user root

This will tell you if it is keeping a tally on that user.

pam_tally --reset --user root
resets it and will re-enable su login if this was the problem.
0
 

Author Comment

by:austinemser
ID: 22759794
After doing the tally and resetting it, it has 0.

Then I tried to su in and got a message that says 'authentication failure', and it still says
it "has 0".
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22760403
Is that a different message to what you had before?
Make sure you do have the right password.
Make sure you are in the right groups to get access to 'su'.
Make sure the account isn't locked out. (Normally root doesn't get locked out, but maybe the hardened version does a 15 mins lock out or something.)

Log in as root on the real console and check the logs.
0
 

Author Comment

by:austinemser
ID: 22774011
Checked logs, same thing as before: root pw is right, user is in the wheel group, account isn't locked out, same error message.

I think it is a problem with unix_chkpwd, but I'm not sure.
0
