Re: root cannot su to normal user now

From: Stephen Cormier (s.cormier_at_gmx.net)
Date: 09/30/05

  • Next message: Wang Xu: "Re: root cannot su to normal user now" 
    To: debian-user@lists.debian.org
Date: Thu, 29 Sep 2005 22:10:19 -0300

    On September 29, 2005 09:49 pm, Wang Xu wrote:
    > Hi All,
    >
    > I have 2 linux computer, one is running testing, and the other is
    > running unstable.
    >
    > Now the sid one cannot use `su' to change from root to any user,
    > including itself.
    >
    > cannot su - xx
    > cannot su xx
    > cannot su xx -c 'command'
    >
    > but the 'su -c' is improtant for the acpid script for the button of
    > laptop.
    >
    > The libpam0g version in the sid machine is 0.79-1, and in the etch
    > machine is 0.76-23, and
    >
    > I did enable the
    > ``auth sufficient pam_rootok.so''
    > in ``/etc/pam.d/su''
    >
    > and enable the wheel group in it.
    >
    > Any advices? Many thanks.
    >
    > The following is my /etc/pam.d/su, while other setting about pam and
    > login is shipped with the distribution.
    >
    > ************************************************************
    >
    > #
    > # The PAM configuration file for the Shadow `su' service
    > #
    >
    > # Uncomment this to force users to be a member of group root
    > # before they can use `su'. You can also add "group=foo" to
    > # to the end of this line if you want to use a group other
    > # than the default "root".
    > # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
    > auth required pam_wheel.so group=adm
    >
    > # Uncomment this if you want wheel members to be able to
    > # su without a password.
    > auth sufficient pam_wheel.so trust group=adm
    >
    > # Uncomment this if you want members of a specific group to not
    > # be allowed to use su at all.
    > auth required pam_wheel.so deny group=nosu
    >
    > # This allows root to su without passwords (normal operation)
    > auth sufficient pam_rootok.so
    >
    > # Uncomment and edit /etc/security/time.conf if you need to set
    > # time restrainst on su usage.
    > # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
    > # as well as /etc/porttime)
    > # account requisite pam_time.so
    >
    > # The standard Unix authentication modules, used with
    > # NIS (man nsswitch) as well as normal /etc/passwd and
    > # /etc/shadow entries.
    > @include common-auth
    > @include common-account
    > @include common-session
    >
    > # Sets up user limits, please uncomment and read
    > /etc/security/limits.conf # to enable this functionality.
    > # (Replaces the use of /etc/limits in old login)
    > # session required pam_limits.so

    Try upgrading the login package I think you may have run into bug
    #330291.

    Stephen 

    -- 
Debian the choice of a GNU generation
GPG Public Key: http://users.eastlink.ca/~stephencormier/publickey.asc



    -- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Wang Xu: "Re: root cannot su to normal user now"