root cannot su to normal user now

From: Wang Xu (gnawux_at_gmail.com)
Date: 09/30/05

    Date: Fri, 30 Sep 2005 08:49:57 +0800
    To: Debian User List <debian-user@lists.debian.org>
    
    

    Hi All,

    I have 2 Linux computers, one is running testing, and the other is running
    unstable.

    Now the sid one cannot use `su' to change from root to any user, including
    itself.

    cannot su - xx
    cannot su xx
    cannot su xx -c 'command'

    but the 'su -c' is important for the acpid script for the button of laptop.

    The libpam0g version in the sid machine is 0.79-1, and in the etch machine
    is 0.76-23, and

    I did enable the
      ``auth sufficient pam_rootok.so''
    in ``/etc/pam.d/su''

    and enable the wheel group in it.

    Any advice? Many thanks.

    The following is my /etc/pam.d/su, while other setting about pam and login
    is shipped with the distribution.

    ************************************************************

    #
    # The PAM configuration file for the Shadow `su' service
    #

    # Uncomment this to force users to be a member of group root
    # before they can use `su'. You can also add "group=foo" to
    # to the end of this line if you want to use a group other
    # than the default "root".
    # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
    auth required pam_wheel.so group=adm

    # Uncomment this if you want wheel members to be able to
    # su without a password.
    auth sufficient pam_wheel.so trust group=adm

    # Uncomment this if you want members of a specific group to not
    # be allowed to use su at all.
    auth required pam_wheel.so deny group=nosu

    # This allows root to su without passwords (normal operation)
    auth sufficient pam_rootok.so

    # Uncomment and edit /etc/security/time.conf if you need to set
    # time restrainst on su usage.
    # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
    # as well as /etc/porttime)
    # account requisite pam_time.so

    # The standard Unix authentication modules, used with
    # NIS (man nsswitch) as well as normal /etc/passwd and
    # /etc/shadow entries.
    @include common-auth
    @include common-account
    @include common-session

    # Sets up user limits, please uncomment and read /etc/security/limits.conf
    # to enable this functionality.
    # (Replaces the use of /etc/limits in old login)
    # session required pam_limits.so
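
The ordering in the posted /etc/pam.d/su, as an added example that is not part of the original message: a simplified Python model of how Linux-PAM combines `required` and `sufficient` results for the four active auth lines above. The pam_wheel logic is reduced to a group-membership test, and the applicant (uid 0, member of group root only) and the ROOTOK_FIRST variant are constructed assumptions, not details from the post.

```python
# Added example: simplified model of how Linux-PAM walks an "auth" stack.
SUCCESS, FAIL, IGNORE = "success", "fail", "ignore"

# The four active auth lines from the posted /etc/pam.d/su, in posted order.
POSTED = """
auth required   pam_wheel.so group=adm
auth sufficient pam_wheel.so trust group=adm
auth required   pam_wheel.so deny group=nosu
auth sufficient pam_rootok.so
"""
# Variant for comparison (assumption, not from the post): pam_rootok.so first.
ROOTOK_FIRST = "auth sufficient pam_rootok.so" + POSTED

def pam_wheel(args, groups):
    """Simplified pam_wheel: group membership only (no use_uid/root_only)."""
    group = next((a[6:] for a in args if a.startswith("group=")), "wheel")
    member = group in groups
    if "deny" in args:
        return FAIL if member else IGNORE
    if member:
        return SUCCESS if "trust" in args else IGNORE
    return FAIL

def evaluate(stack, uid, groups):
    """Return (granted, trace) for the applicant with this uid and group set."""
    failed_required, any_success, trace = False, False, []
    for line in stack.strip().splitlines():
        _type, control, module, *args = line.split()
        if module == "pam_wheel.so":
            result = pam_wheel(args, groups)
        elif module == "pam_rootok.so":
            result = SUCCESS if uid == 0 else FAIL
        else:
            raise ValueError(f"module not modelled: {module}")
        trace.append((control, module, result))
        if result == SUCCESS:
            if control == "sufficient" and not failed_required:
                return True, trace      # stack stops here, access granted
            any_success = True
        elif result == FAIL and control == "required":
            failed_required = True      # remembered; later modules still run
        # a failing "sufficient" module and IGNORE results do not count
    return any_success and not failed_required, trace

if __name__ == "__main__":
    # Constructed applicant: uid 0 whose only group is "root" (assumption).
    for name, stack in (("posted", POSTED), ("rootok first", ROOTOK_FIRST)):
        granted, trace = evaluate(stack, 0, {"root"})
        print(name, "->", "granted" if granted else "denied", trace)
```

In this model a failed `required` line is remembered, so a later `sufficient` success cannot rescue the stack; the modules pulled in by `@include common-auth` are not modelled because both cases are decided before that point.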

