On September 29, 2005 09:49 pm, Wang Xu wrote: > Hi All, > > I have 2 linux computer, one is running testing, and the other is > running unstable. > > Now the sid one cannot use `su' to change from root to any user, > including itself. > > cannot su - xx > cannot su xx > cannot su xx -c 'command' > > but the 'su -c' is improtant for the acpid script for the button of > laptop. > > The libpam0g version in the sid machine is 0.79-1, and in the etch > machine is 0.76-23, and > > I did enable the > ``auth sufficient pam_rootok.so'' > in ``/etc/pam.d/su'' > > and enable the wheel group in it. > > Any advices? Many thanks. > > The following is my /etc/pam.d/su, while other setting about pam and > login is shipped with the distribution. > > ************************************************************ > > # > # The PAM configuration file for the Shadow `su' service > # > > # Uncomment this to force users to be a member of group root > # before they can use `su'. You can also add "group=foo" to > # to the end of this line if you want to use a group other > # than the default "root". > # (Replaces the `SU_WHEEL_ONLY' option from login.defs) > auth required pam_wheel.so group=adm > > # Uncomment this if you want wheel members to be able to > # su without a password. > auth sufficient pam_wheel.so trust group=adm > > # Uncomment this if you want members of a specific group to not > # be allowed to use su at all. > auth required pam_wheel.so deny group=nosu > > # This allows root to su without passwords (normal operation) > auth sufficient pam_rootok.so > > # Uncomment and edit /etc/security/time.conf if you need to set > # time restrainst on su usage. > # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs > # as well as /etc/porttime) > # account requisite pam_time.so > > # The standard Unix authentication modules, used with > # NIS (man nsswitch) as well as normal /etc/passwd and > # /etc/shadow entries. > @include common-auth > @include common-account > @include common-session > > # Sets up user limits, please uncomment and read > /etc/security/limits.conf # to enable this functionality. > # (Replaces the use of /etc/limits in old login) > # session required pam_limits.so
Try upgrading the login package I think you may have run into bug #330291. Stephen -- Debian the choice of a GNU generation GPG Public Key: http://users.eastlink.ca/~stephencormier/publickey.asc
pgpbVAFPCnh68.pgp
Description: PGP signature