[SOLVED] Re: [gentoo-user] Authentication Issues - gentoo-user

From:	Kris Kerwin <kkerwin@×××××××××.com>
To:	gentoo-user@l.g.o
Subject:	[SOLVED] Re: [gentoo-user] Authentication Issues
Date:	Thu, 03 Aug 2006 18:16:23
Message-Id:	`200608030105.02937.kkerwin@insightbb.com`
In Reply to:	[gentoo-user] Authentication Issues by Kris Kerwin

1

Problem fixed.

2

3

/etc/fstab had the root file system mounted with the users option, which 

4

disabled the requisite setuid bit on the /bin/su executable, thereby 

5

preventing me from su'ing to root from a non-root user. This was despite the 

6

fact that the non-root user was in the wheel group.

7

8

Thanks again for your help.

9

10

Kris Kerwin

11

12

On Wednesday 02 August 2006 01:10, Kris Kerwin wrote:

13

> Hi all,

14

>

15

> I just performed a new Gentoo install, and am having a couple of issues

16

> regarding authentication. I think that the problem is something to do with

17

> PAM/Shadow. (No ... it's not the blocking issue between pam-login and

18

> shadow).

19

>

20

> I run a single user system with just users for myself (username: kris) and

21

> root. I cannot su into the root account from my personal account. I have

22

> added kris to the group wheel using the `gpasswd -a kris wheel', but still

23

> cannot su. I verified that kris is in the wheel group by logging in and

24

> trying the `groups' command.

25

>

26

> Then, I tried editing `/etc/pam.d/su' and commenting out the line `auth

27

> required pam_wheel.so use_uid', as the comment above it states that doing

28

> so will allow users who are not in the wheel group to su. Still, no joy.

29

> Other comments in that file state that you may give explicit rights to

30

> specific users by creating the file `/etc/security/suauth.allow' with each

31

> allowed user on their own line. Still, no joy.

32

>

33

> On a (possibly) related note: while trying to switch from a graphical login

34

> to a virtual console to work on some of these problems, I found that the

35

> usual Ctrl-Alt-F* incantation did not work. The only way to switch to a

36

> virtual console was to right click on the desktop and go through the

37

> `Switch User' menu function on KDE. Further, when switching back to the

38

> graphical login from the console, I found that the screensaver had come on

39

> and had locked the desktop (though this was disabled within KDE's

40

> configuration). The big problem, however, came when I could not unlock the

41

> screensaver with my password.

42

>

43

> Also, kris' attempts to change his passwd are met with the error:

44

> `Authentication token manipulation error'.

45

>

46

> Thanks in advance for all of your help. System information is appended

47

> below.

48

>

49

> Kris Kerwin

50

>

51

>

52

>

53

> ========== System Info ==========

54

>

55

> I run `pam-0.78-r3 USE=berkdb' and `shadow-4.0.15-r2 USE=nls pam' on the

56

> following system:

57

>

58

> Portage 2.1-r1 (!/usr/portage/profiles/default-linux/x86/2006.0, gcc-3.4.6,

59

> glibc-2.3.6-r4, 2.6.16-suspend2-r8 i686)

60

> =================================================================

61

> System uname: 2.6.16-suspend2-r8 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz

62

> Gentoo Base System version 1.6.15

63

> app-admin/eselect-compiler: [Not Present]

64

> dev-lang/python:     2.4.3-r1

65

> dev-python/pycrypto: 2.0.1-r5

66

> dev-util/ccache:     [Not Present]

67

> dev-util/confcache:  [Not Present]

68

> sys-apps/sandbox:    1.2.17

69

> sys-devel/autoconf:  2.13, 2.59-r7

70

> sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2

71

> sys-devel/binutils:  2.16.1-r3

72

> sys-devel/gcc-config: 1.3.13-r3

73

> sys-devel/libtool:   1.5.22

74

> virtual/os-headers:  2.6.11-r2

75

> ACCEPT_KEYWORDS="x86"

76

> AUTOCLEAN="yes"

77

> CBUILD="i686-pc-linux-gnu"

78

> CFLAGS="-march=pentium4 -O3 -pipe"

79

> CHOST="i686-pc-linux-gnu"

80

> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config

81

> /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config

82

> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/

83

> /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/

84

> /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf

85

> /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -mcpu=i686 -pipe"

86

> DISTDIR="/usr/portage/distfiles"

87

> FEATURES="autoconfig ccache cvs distlocks fixpackages metadata-transfer

88

> notitles sandbox sfperms strict userpriv"

89

> GENTOO_MIRRORS="http://distfiles.gentoo.org

90

> http://distro.ibiblio.org/pub/linux/distributions/gentoo"

91

> MAKEOPTS="-j3"

92

> PKGDIR="/usr/portage/packages"

93

> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times

94

> --compress --force --whole-file --delete --delete-after --stats

95

> --timeout=180 --exclude='/distfiles' --exclude='/local'

96

> --exclude='/packages'" PORTAGE_TMPDIR="/tmp/build"

97

> PORTDIR="/usr/target/ports"

98

> SYNC="rsync://rsync.gentoo.org/gentoo-portage"

99

> USE="x86 X acpi adns aim alsa apache2 apm arts artswrappersuid asm

100

> audiofile avi berkdb bitmap-fonts bzip2 cddb cdparanoia cli crypt cups dga

101

> divx4linux dlloader doc dri dvb dvd dvdr dvdread eds emboss encode esd

102

> ethereal f77 font-server foomaticdb fortran gdbm gif gnome gpm gstreamer

103

> gtk gtk2 heimdal icq imlib ipv6 isdnlog jabber java javascript jikes

104

> joystick jpeg kde kerberos koffice-plugin libg++ libwww mad mikmod mime

105

> motif mp3 mpeg mplayer msn ncurses nls nocd nptl offensive ogg opengl oscar

106

> oss pam pcre pda pdflib perl png posix pppd python qt qt3 qt4 quicktime

107

> readline real reflection sdl session smime spell spl sse ssl svg tcpd

108

> truetype truetype-fonts type1-fonts udev unicode usb videos vorbis wmf xine

109

> xinerama xml xmms xorg xscreensaver xv yahoo zlib elibc_glibc

110

> input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux

111

> userland_GNU video_cards_radeon"

112

> Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,

113

> LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

114

--

115

gentoo-user@g.o mailing list

1	Problem fixed.
2
3	/etc/fstab had the root file system mounted with the users option, which
4	disabled the requisite setuid bit on the /bin/su executable, thereby
5	preventing me from su'ing to root from a non-root user. This was despite the
6	fact that the non-root user was in the wheel group.
7
8	Thanks again for your help.
9
10	Kris Kerwin
11
12	On Wednesday 02 August 2006 01:10, Kris Kerwin wrote:
13	> Hi all,
14	>
15	> I just performed a new Gentoo install, and am having a couple of issues
16	> regarding authentication. I think that the problem is something to do with
17	> PAM/Shadow. (No ... it's not the blocking issue between pam-login and
18	> shadow).
19	>
20	> I run a single user system with just users for myself (username: kris) and
21	> root. I cannot su into the root account from my personal account. I have
22	> added kris to the group wheel using the `gpasswd -a kris wheel', but still
23	> cannot su. I verified that kris is in the wheel group by logging in and
24	> trying the `groups' command.
25	>
26	> Then, I tried editing `/etc/pam.d/su' and commenting out the line `auth
27	> required pam_wheel.so use_uid', as the comment above it states that doing
28	> so will allow users who are not in the wheel group to su. Still, no joy.
29	> Other comments in that file state that you may give explicit rights to
30	> specific users by creating the file `/etc/security/suauth.allow' with each
31	> allowed user on their own line. Still, no joy.
32	>
33	> On a (possibly) related note: while trying to switch from a graphical login
34	> to a virtual console to work on some of these problems, I found that the
35	> usual Ctrl-Alt-F* incantation did not work. The only way to switch to a
36	> virtual console was to right click on the desktop and go through the
37	> `Switch User' menu function on KDE. Further, when switching back to the
38	> graphical login from the console, I found that the screensaver had come on
39	> and had locked the desktop (though this was disabled within KDE's
40	> configuration). The big problem, however, came when I could not unlock the
41	> screensaver with my password.
42	>
43	> Also, kris' attempts to change his passwd are met with the error:
44	> `Authentication token manipulation error'.
45	>
46	> Thanks in advance for all of your help. System information is appended
47	> below.
48	>
49	> Kris Kerwin
50	>
51	>
52	>
53	> ========== System Info ==========
54	>
55	> I run `pam-0.78-r3 USE=berkdb' and `shadow-4.0.15-r2 USE=nls pam' on the
56	> following system:
57	>
58	> Portage 2.1-r1 (!/usr/portage/profiles/default-linux/x86/2006.0, gcc-3.4.6,
59	> glibc-2.3.6-r4, 2.6.16-suspend2-r8 i686)
60	> =================================================================
61	> System uname: 2.6.16-suspend2-r8 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
62	> Gentoo Base System version 1.6.15
63	> app-admin/eselect-compiler: [Not Present]
64	> dev-lang/python: 2.4.3-r1
65	> dev-python/pycrypto: 2.0.1-r5
66	> dev-util/ccache: [Not Present]
67	> dev-util/confcache: [Not Present]
68	> sys-apps/sandbox: 1.2.17
69	> sys-devel/autoconf: 2.13, 2.59-r7
70	> sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
71	> sys-devel/binutils: 2.16.1-r3
72	> sys-devel/gcc-config: 1.3.13-r3
73	> sys-devel/libtool: 1.5.22
74	> virtual/os-headers: 2.6.11-r2
75	> ACCEPT_KEYWORDS="x86"
76	> AUTOCLEAN="yes"
77	> CBUILD="i686-pc-linux-gnu"
78	> CFLAGS="-march=pentium4 -O3 -pipe"
79	> CHOST="i686-pc-linux-gnu"
80	> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
81	> /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
82	> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
83	> /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
84	> /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf
85	> /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -mcpu=i686 -pipe"
86	> DISTDIR="/usr/portage/distfiles"
87	> FEATURES="autoconfig ccache cvs distlocks fixpackages metadata-transfer
88	> notitles sandbox sfperms strict userpriv"
89	> GENTOO_MIRRORS="http://distfiles.gentoo.org
90	> http://distro.ibiblio.org/pub/linux/distributions/gentoo"
91	> MAKEOPTS="-j3"
92	> PKGDIR="/usr/portage/packages"
93	> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
94	> --compress --force --whole-file --delete --delete-after --stats
95	> --timeout=180 --exclude='/distfiles' --exclude='/local'
96	> --exclude='/packages'" PORTAGE_TMPDIR="/tmp/build"
97	> PORTDIR="/usr/target/ports"
98	> SYNC="rsync://rsync.gentoo.org/gentoo-portage"
99	> USE="x86 X acpi adns aim alsa apache2 apm arts artswrappersuid asm
100	> audiofile avi berkdb bitmap-fonts bzip2 cddb cdparanoia cli crypt cups dga
101	> divx4linux dlloader doc dri dvb dvd dvdr dvdread eds emboss encode esd
102	> ethereal f77 font-server foomaticdb fortran gdbm gif gnome gpm gstreamer
103	> gtk gtk2 heimdal icq imlib ipv6 isdnlog jabber java javascript jikes
104	> joystick jpeg kde kerberos koffice-plugin libg++ libwww mad mikmod mime
105	> motif mp3 mpeg mplayer msn ncurses nls nocd nptl offensive ogg opengl oscar
106	> oss pam pcre pda pdflib perl png posix pppd python qt qt3 qt4 quicktime
107	> readline real reflection sdl session smime spell spl sse ssl svg tcpd
108	> truetype truetype-fonts type1-fonts udev unicode usb videos vorbis wmf xine
109	> xinerama xml xmms xorg xscreensaver xv yahoo zlib elibc_glibc
110	> input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux
111	> userland_GNU video_cards_radeon"
112	> Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
113	> LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
114	--
115	gentoo-user@g.o mailing list

Gentoo Archives: gentoo-user