Re: Help with su on 6.3

Wed, 13 Feb 2008 11:00:50 -0800 

At 12:51 PM 2/13/2008, Neil Gruending wrote:

On 2/12/08, Derek Ragona <[EMAIL PROTECTED]> wrote:
>
>  At 06:16 PM 2/12/2008, Neil Gruending wrote:
>
> Hi,
>
>  Today I upgraded my computer to 6.3, but now root can't su to other
>  users. I login as a regular user (neil) over ssh and I can su to
>  become root. But now root can't su to other users. For example, if I
>  do "su svn" I get "su: Sorry". My boot rc scripts do the same thing
>  where I use su. Everything worked fine when I was running 6.2. Any
>  help is appreciated. I followed the binary upgrade procedure in the
>  release announcement.
>
>  Thanks
>  Neil
>  Did you run mergemaster?  Check your users still exist in /etc/passwd?
>
>          -Derek
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

I didn't run mergemaster because
http://www.freebsd.org/releases/6.3R/announce.html didn't say to.
However, I did try su at the console with the same result, but I was
getting pam_acct_mgmt: authentication errors. I checked
/etc/master.passwd and noticed that the accounts I was trying to su to
were locked. I tried "passwd account" as root on an account that
wasn't working and once I set a password it I could su to it as long
as logins were enabled. I tried another account with disabled logins
and got "This account is currently not available".

Both of these accounts only exist to let servers run as different
users. What's the proper way to set them up? Maybe that's my issue
instead. I only noticed this because the servers weren't starting
because the init scripts can't su to the right users anymore.

Thanks,
Neil
Well you should always read and follow UPDATING in /usr/src when doing an upgrade.
I usually just set the shell to /usr/bin/false or /usr/sbin/nologin for users like these. Of course you can't test these interactively with su. If you want to do that, give the account a valid login shell, test it, then set it to false or nologin. 

        -Derek


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to