Problem fixed.

/etc/fstab had the root file system mounted with the users option, which
disabled the requisite setuid bit on the /bin/su executable, thereby
preventing me from su'ing to root from a non-root user. This was despite the
fact that the non-root user was in the wheel group.

Thanks again for your help.

Kris Kerwin

On Wednesday 02 August 2006 01:10, Kris Kerwin wrote:
> Hi all,
>
> I just performed a new Gentoo install, and am having a couple of issues
> regarding authentication. I think that the problem is something to do with
> PAM/Shadow. (No ... it's not the blocking issue between pam-login and
> shadow).
>
> I run a single user system with just users for myself (username: kris) and
> root. I cannot su into the root account from my personal account. I have
> added kris to the group wheel using the `gpasswd -a kris wheel', but still
> cannot su. I verified that kris is in the wheel group by logging in and
> trying the `groups' command.
>
> Then, I tried editing `/etc/pam.d/su' and commenting out the line `auth
> required pam_wheel.so use_uid', as the comment above it states that doing
> so will allow users who are not in the wheel group to su. Still, no joy.
> Other comments in that file state that you may give explicit rights to
> specific users by creating the file `/etc/security/suauth.allow' with each
> allowed user on their own line. Still, no joy.
>
> On a (possibly) related note: while trying to switch from a graphical login
> to a virtual console to work on some of these problems, I found that the
> usual Ctrl-Alt-F* incantation did not work. The only way to switch to a
> virtual console was to right click on the desktop and go through the
> `Switch User' menu function on KDE. Further, when switching back to the
> graphical login from the console, I found that the screensaver had come on
> and had locked the desktop (though this was disabled within KDE's
> configuration). The big problem, however, came when I could not unlock the
> screensaver with my password.
>
> Also, kris' attempts to change his passwd are met with the error:
> `Authentication token manipulation error'.
>
> Thanks in advance for all of your help. System information is appended
> below.
>
> Kris Kerwin
>
>
>
> ========== System Info ==========
>
> I run `pam-0.78-r3 USE=berkdb' and `shadow-4.0.15-r2 USE=nls pam' on the
> following system:
>
> Portage 2.1-r1 (!/usr/portage/profiles/default-linux/x86/2006.0, gcc-3.4.6,
> glibc-2.3.6-r4, 2.6.16-suspend2-r8 i686)
> =================================================================
> System uname: 2.6.16-suspend2-r8 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
> Gentoo Base System version 1.6.15
> app-admin/eselect-compiler: [Not Present]
> dev-lang/python: 2.4.3-r1
> dev-python/pycrypto: 2.0.1-r5
> dev-util/ccache: [Not Present]
> dev-util/confcache: [Not Present]
> sys-apps/sandbox: 1.2.17
> sys-devel/autoconf: 2.13, 2.59-r7
> sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
> sys-devel/binutils: 2.16.1-r3
> sys-devel/gcc-config: 1.3.13-r3
> sys-devel/libtool: 1.5.22
> virtual/os-headers: 2.6.11-r2
> ACCEPT_KEYWORDS="x86"
> AUTOCLEAN="yes"
> CBUILD="i686-pc-linux-gnu"
> CFLAGS="-march=pentium4 -O3 -pipe"
> CHOST="i686-pc-linux-gnu"
> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
> /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
> /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
> /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf
> /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -mcpu=i686 -pipe"
> DISTDIR="/usr/portage/distfiles"
> FEATURES="autoconfig ccache cvs distlocks fixpackages metadata-transfer
> notitles sandbox sfperms strict userpriv"
> GENTOO_MIRRORS="http://distfiles.gentoo.org
> http://distro.ibiblio.org/pub/linux/distributions/gentoo"
> MAKEOPTS="-j3"
> PKGDIR="/usr/portage/packages"
> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
> --compress --force --whole-file --delete --delete-after --stats
> --timeout=180 --exclude='/distfiles' --exclude='/local'
> --exclude='/packages'" PORTAGE_TMPDIR="/tmp/build"
> PORTDIR="/usr/target/ports"
> SYNC="rsync://rsync.gentoo.org/gentoo-portage"
> USE="x86 X acpi adns aim alsa apache2 apm arts artswrappersuid asm
> audiofile avi berkdb bitmap-fonts bzip2 cddb cdparanoia cli crypt cups dga
> divx4linux dlloader doc dri dvb dvd dvdr dvdread eds emboss encode esd
> ethereal f77 font-server foomaticdb fortran gdbm gif gnome gpm gstreamer
> gtk gtk2 heimdal icq imlib ipv6 isdnlog jabber java javascript jikes
> joystick jpeg kde kerberos koffice-plugin libg++ libwww mad mikmod mime
> motif mp3 mpeg mplayer msn ncurses nls nocd nptl offensive ogg opengl oscar
> oss pam pcre pda pdflib perl png posix pppd python qt qt3 qt4 quicktime
> readline real reflection sdl session smime spell spl sse ssl svg tcpd
> truetype truetype-fonts type1-fonts udev unicode usb videos vorbis wmf xine
> xinerama xml xmms xorg xscreensaver xv yahoo zlib elibc_glibc
> input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux
> userland_GNU video_cards_radeon"
> Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
> LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
--
gentoo-user@g.o mailing list
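
A check for the cause named in the reply at the top of this thread, added here as an example and not part of the original messages: mount(8) documents that `user` and `users` (and `owner` and `group`) imply `nosuid` unless a later `suid` overrides them, so this function lists fstab entries that end up nosuid. The function names and the sample fstab are constructed for illustration.

```sh
#!/bin/sh
# Added example: list fstab entries whose options leave the filesystem nosuid.
# Per mount(8), user/users (and owner/group) imply nosuid unless a later
# "suid" overrides them; options are applied left to right.

# Reads fstab-format text on stdin, prints "<mountpoint> <deciding option>".
# The body runs in a subshell so the IFS and noglob changes stay local.
nosuid_mounts() (
    set -f                                  # no pathname expansion on options
    default_ifs=$IFS
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # blank line or comment
        cause=''
        IFS=,
        for o in $opts; do
            case "$o" in
                nosuid|user|users|owner|group) cause=$o ;;
                suid) cause='' ;;           # explicit suid re-enables setuid
            esac
        done
        IFS=$default_ifs
        if [ -n "$cause" ]; then
            printf '%s %s\n' "$mnt" "$cause"
        fi
    done
)

# Constructed sample input (not from the original post).
sample_fstab() {
    cat <<'EOF'
# <fs>     <mountpoint> <type>  <opts>             <dump/pass>
/dev/hda1  /boot        ext2    noauto,noatime     1 2
/dev/hda3  /            ext3    noatime,users      0 1
/dev/hda4  /home        ext3    noatime,nosuid     0 2
/dev/cdrom /mnt/cdrom   iso9660 noauto,ro,user     0 0
/dev/sdb1  /mnt/usb     vfat    noauto,users,suid  0 0
EOF
}

sample_fstab | nosuid_mounts
```

`/proc/mounts` uses the same field layout, so `nosuid_mounts < /proc/mounts` shows what the kernel is enforcing on the running system. On a nosuid mount the setuid bit is still visible in `ls -l /bin/su`; the kernel simply ignores it at exec time.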