Re: root cannot su to normal user now

Thu, 29 Sep 2005 18:08:28 -0700 

On September 29, 2005 09:49 pm, Wang Xu wrote:
> Hi All,
>
> I have 2 linux computer, one is running testing, and the other is
> running unstable.
>
> Now the sid one cannot use `su' to change from root to any user,
> including itself.
>
> cannot su - xx
> cannot su xx
> cannot su xx -c 'command'
>
> but the 'su -c' is improtant for the acpid script for the button of
> laptop.
>
> The libpam0g version in the sid machine is 0.79-1, and in the etch
> machine is 0.76-23, and
>
> I did enable the
>   ``auth sufficient pam_rootok.so''
> in ``/etc/pam.d/su''
>
> and enable the wheel group in it.
>
> Any advices? Many thanks.
>
> The following is my /etc/pam.d/su, while other setting about pam and
> login is shipped with the distribution.
>
> ************************************************************
>
> #
> # The PAM configuration file for the Shadow `su' service
> #
>
> # Uncomment this to force users to be a member of group root
> # before they can use `su'. You can also add "group=foo" to
> # to the end of this line if you want to use a group other
> # than the default "root".
> # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
> auth       required   pam_wheel.so group=adm
>
> # Uncomment this if you want wheel members to be able to
> # su without a password.
> auth       sufficient pam_wheel.so trust group=adm
>
> # Uncomment this if you want members of a specific group to not
> # be allowed to use su at all.
> auth       required   pam_wheel.so deny group=nosu
>
> # This allows root to su without passwords (normal operation)
> auth       sufficient pam_rootok.so
>
> # Uncomment and edit /etc/security/time.conf if you need to set
> # time restrainst on su usage.
> # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
> # as well as /etc/porttime)
> # account    requisite  pam_time.so
>
> # The standard Unix authentication modules, used with
> # NIS (man nsswitch) as well as normal /etc/passwd and
> # /etc/shadow entries.
> @include common-auth
> @include common-account
> @include common-session
>
> # Sets up user limits, please uncomment and read
> /etc/security/limits.conf # to enable this functionality.
> # (Replaces the use of /etc/limits in old login)
> # session    required   pam_limits.so

Try upgrading the login package I think you may have run into bug 
#330291.

Stephen
-- 
Debian the choice of a GNU generation

GPG Public Key: http://users.eastlink.ca/~stephencormier/publickey.asc

Attachment: pgpbVAFPCnh68.pgp
Description: PGP signature

Reply via email to