Solved

I can't su into root on my own box

Posted on 2008-10-14
Last Modified: 2013-12-06
I know the password is correct, but when I try to su into root, it won't work.
The user is in group wheel.

auth.log looks like this when I try to su:

Oct 14 14:24:51 genpn unix_chkpwd[22501]: check pass; user unknown
Oct 14 14:24:54 genpn unix_chkpwd[22502]: check pass; user unknown
Oct 14 14:24:54 genpn unix_chkpwd[22502]: password check failed for user (root)
Oct 14 14:24:54 genpn su[22500]: pam_unix(su:auth): authentication failure; logname=n1tsua uid=1000 euid=1000 tty=tty2 ruser=n1tsua rhost=  user=root
Oct 14 14:24:56 genpn su[22500]: pam_authenticate: Authentication failure
Oct 14 14:24:56 genpn su[22500]: FAILED su for root by n1tsua
Oct 14 14:24:56 genpn su[22500]: - tty2 n1tsua:root
Question by:austinemser
LVL 48

Expert Comment

by:Tintin
ID: 22718186
Is the root account locked?
Were you able to su to root previously?
Do you have a 'root' group on your system and if so, is your user in it?
0
 

Author Comment

by:austinemser
ID: 22718222
I have a root group, and no, my user isn't in it because I don't want that user to be root; I just want to su into root as the user.

I have a wheel group which the user is in,

and I can log into root, just not through other users, so I don't think it's locked.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 22718245
Is this on Debian?  I've seen a few references to a bug in lib-pam modules.
0
 

Author Comment

by:austinemser
ID: 22718256
Gentoo using the hardened kernel
0
 
LVL 48

Accepted Solution

by:
Tintin earned 250 total points
ID: 22718258
Sorry, didn't see the Gentoo tags in your post.

Check the perms on

/sbin/unix_chkpwd
/etc/shadow
0
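The permission check suggested in the accepted answer, as an added example that is not part of the original thread: a POSIX shell sketch that works out which identity a setuid or setgid unix_chkpwd runs as and whether that identity can read /etc/shadow. The function names, the `users` group and the sample modes are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are the three fields printed by
# `stat -c '%a %U %G' FILE` (GNU coreutils): octal mode, owner, group.

# can_read MODE OWNER GROUP USER GROUP: succeed if that identity may read.
# Assumption: only the primary group is considered; root bypasses mode bits.
can_read() {
    f_mode=000$1 f_owner=$2 f_group=$3 who=$4 grp=$5
    if [ "$who" = root ]; then return 0; fi
    perms=${f_mode#"${f_mode%???}"}          # last three octal digits
    u=${perms%??}; g=${perms#?}; g=${g%?}; o=${perms#??}
    if [ "$who" = "$f_owner" ]; then bits=$u
    elif [ "$grp" = "$f_group" ]; then bits=$g
    else bits=$o
    fi
    [ $((bits & 4)) -ne 0 ]
}

# helper_verdict HMODE HOWNER HGROUP SMODE SOWNER SGROUP CALLER CALLERGROUP
# Works out the identity the helper runs as, then tests it against shadow.
helper_verdict() {
    hmode=000$1 howner=$2 hgroup=$3 smode=$4 sowner=$5 sgroup=$6
    euser=$7 egroup=$8
    special=${hmode%???}                     # setuid/setgid/sticky digit
    if [ $((special & 4)) -ne 0 ]; then euser=$howner; fi    # setuid bit
    if [ $((special & 2)) -ne 0 ]; then egroup=$hgroup; fi   # setgid bit
    if can_read "$smode" "$sowner" "$sgroup" "$euser" "$egroup"; then
        echo "ok: helper runs as $euser:$egroup and can read shadow"
    else
        echo "broken: helper runs as $euser:$egroup and cannot read shadow"
    fi
}

# check_real [HELPER] [SHADOW]: same test against the files on this machine.
check_real() {
    h=$(stat -c '%a %U %G' "${1:-/sbin/unix_chkpwd}") || return 1
    s=$(stat -c '%a %U %G' "${2:-/etc/shadow}") || return 1
    # Word splitting is intended: each stat call yields three fields.
    set -- $h $s
    helper_verdict "$@" "$(id -un)" "$(id -gn)"
}

# Constructed inputs: setuid-root helper, then the same helper without setuid.
helper_verdict 4711 root root 600 root root n1tsua users
helper_verdict 711 root root 600 root root n1tsua users
```

Running `check_real` as the unprivileged user applies the same logic to the local files; the owner and group columns matter as much as the mode string.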
 
LVL 12

Expert Comment

by:ibu1
ID: 22718282
vi /etc/ssh/sshd_config

PermitRootLogin yes

May need to restart ssh.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 22718288
ssh has nothing to do with being able to su to root.
0
 
LVL 12

Expert Comment

by:ibu1
ID: 22718300
0
 

Author Comment

by:austinemser
ID: 22718380
ssh has PermitRootLogin, and that shouldn't stop me from su'ing while in ssh.
0
 

Author Comment

by:austinemser
ID: 22718389
-rw------- /etc/shadow
-rws--x--x /etc/sbin/unix_chkpwd
0
 
LVL 48

Expert Comment

by:Tintin
ID: 22718619
I'm not 100% sure if the perms for /etc/shadow are correct for Gentoo systems (don't have one I can reference).  I think older versions had group of 'shadow' and perms of 640.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 250 total points
ID: 22759096
-rw-------
is correct for shadow - do not change that.


I had a similar problem on a machine where it had lots of failed su's and had locked out the user in the pam accounting area.

Normally this is not done for 'root' but the hardened version may do it.

Try
pam_tally --user root

This will tell you if it is keeping a tally on that user.

pam_tally --reset --user root
resets it and will re-enable su login if this was the problem.
0
 

Author Comment

by:austinemser
ID: 22759794
After doing the tally and resetting it, it has 0.

Then I tried to su in, got a message that says 'authentication failure', and it still says
it "has 0".
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22760403
Is that a different message to what you had before?
Make sure you do have the right password.
Make sure you are in the right groups to get access to 'su'.
Make sure the account isn't locked out. (Normally root doesn't get locked out, but maybe the hardened version does a 15 mins lock out or something.)

Log in as root on the real console and check the logs.
0
 

Author Comment

by:austinemser
ID: 22774011
Checked logs, same thing as before: root pw is right, user is in the wheel group, account isn't locked out, same error message.

I think it is a problem with unix_chkpwd, but I'm not sure.
0
