Re: cannot su?
Robert Watson wrote: I've modified the su(1) source in HEAD to print a message if su(1) is executed without an effective uid of 0 (i.e., as root, or setuid as another user). Hopefully this error message will be more suggestive than "sorry": paprika:~/freebsd/commit/src/usr.bin/su> ./su su: not running setuid Assuming I didn't shoot any feet, I'll MFC this to RELENG_5 in a couple of weeks. Thanks! :) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
On Mon, 17 Jan 2005, Ivan Voras wrote: > >>I have a user that's in wheel group. Logging in as root works on the > >>console, but su-ing from the user just writes 'Sorry', like the > >>password's wrong. There are no clues in log files. > > > > Make sure /usr/sbin/su is suid root (and /usr isn't mounted nosuid). > > It's stupid of me not to have checked that, but this is a very good > candidate for more information/verbosity - failure mode was just like > password/credentials were invalid. I've modified the su(1) source in HEAD to print a message if su(1) is executed without an effective uid of 0 (i.e., as root, or setuid as another user). Hopefully this error message will be more suggestive than "sorry": paprika:~/freebsd/commit/src/usr.bin/su> ./su su: not running setuid Assuming I didn't shoot any feet, I'll MFC this to RELENG_5 in a couple of weeks. Robert N M Watson ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
Michael Nottebrock wrote: On Sunday, 16. January 2005 01:07, Ivan Voras wrote: What could be the reasons for "su root" to not work? I have a user that's in wheel group. Logging in as root works on the console, but su-ing from the user just writes 'Sorry', like the password's wrong. There are no clues in log files. Make sure /usr/sbin/su is suid root (and /usr isn't mounted nosuid). Bingo! It's stupid of me not to have checked that, but this is a very good candidate for more information/verbosity - failure mode was just like password/credentials were invalid. I installed the computer from the FreeSBIE live CD, as it already includes a bunch of desktop & multimedia programs I use, and during installation it seems that suid bits were not replicated! Thanks for the help! ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote: > What could be the reasons for "su root" to not work? > > I have a user that's in wheel group. Logging in as root works on the > console, but su-ing from the user just writes 'Sorry', like the > password's wrong. There are no clues in log files. > > /etc/pam.d/su is identical to another machine where everything works ok. Are you using NIS? I've had issues where the machine tries to look up the root password using NIS because of improperly placed + and - commands in /etc/passwd. -- -- Skylar Thompson ([EMAIL PROTECTED]) -- http://www.cs.earlham.edu/~skylar/ pgp5eBPo7aKqm.pgp Description: PGP signature
Re: cannot su?
+++ Ivan Voras [Sunday 16 January 2005 02:18]: > Kris Kennaway wrote: > >On Sun, Jan 16, 2005 at 01:15:34AM +0100, Ivan Voras wrote: > > > >>Kris Kennaway wrote: > > /etc/pam.d/su is identical to another machine where everything works ok. > > > > >OK. /etc/pam.d/su on 5.3 includes /etc/pam.d/system, so also make > >sure they're in sync. > > /etc/pam.d/system is the same as on the working system. > ___ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > Could this be anything to do with : security.bsd.suser_enabled what's yours set to ? Cheers -- Thomas Dymond "a mouse is a device used to point at the xterm you want to type in" PGP ID : 0x8D423A2B PGP Key : http://www.kmem.org/~tom/pgp/pubkey.asc pgpX3VfY7ZEmd.pgp Description: PGP signature
Re: cannot su?
On Sunday, 16. January 2005 01:07, Ivan Voras wrote: > What could be the reasons for "su root" to not work? > > I have a user that's in wheel group. Logging in as root works on the > console, but su-ing from the user just writes 'Sorry', like the > password's wrong. There are no clues in log files. Make sure /usr/sbin/su is suid root (and /usr isn't mounted nosuid). -- ,_, | Michael Nottebrock | [EMAIL PROTECTED] (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org pgp7JevHKBYyG.pgp Description: PGP signature
Re: cannot su?
Thomas Dymond wrote: Could this be anything to do with : security.bsd.suser_enabled what's yours set to ? security.bsd.suser_enabled: 1 But, I noticed I've got security.mac.* enabled somehow (it's not my kernel...) - could MAC be interfering? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
On Sat, Jan 15, 2005 at 10:46:03PM -0500, Robert William Vesterman wrote: > I have a similar problem, but only after I use X. I can su perfectly > fine before using X, and I can su perfectly fine while using X (and a > terminal window), but after exiting X, if I want to su, I have to reboot. You might want to try the following C program to check that getlogin is returning the right name at each stage. David. 10:18:gonzo 17% cat printlogin.c #include #include int main(void) { puts(getlogin()); } 10:18:gonzo 18% gcc -o printlogin printlogin.c 10:18:gonzo 19% ./printlogin dwmalone ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
I have a similar problem, but only after I use X. I can su perfectly fine before using X, and I can su perfectly fine while using X (and a terminal window), but after exiting X, if I want to su, I have to reboot. Ivan Voras wrote: What could be the reasons for "su root" to not work? I have a user that's in wheel group. Logging in as root works on the console, but su-ing from the user just writes 'Sorry', like the password's wrong. There are no clues in log files. /etc/pam.d/su is identical to another machine where everything works ok. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
Kris Kennaway wrote: On Sun, Jan 16, 2005 at 01:15:34AM +0100, Ivan Voras wrote: Kris Kennaway wrote: /etc/pam.d/su is identical to another machine where everything works ok. OK. /etc/pam.d/su on 5.3 includes /etc/pam.d/system, so also make sure they're in sync. /etc/pam.d/system is the same as on the working system. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
On Sun, Jan 16, 2005 at 01:15:34AM +0100, Ivan Voras wrote: > Kris Kennaway wrote: > >On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote: > > >>/etc/pam.d/su is identical to another machine where everything works ok. > > > > > >You forgot to mention what version (4.x doesn't use /etc/pam.d) > > oops. 5.3-release. OK. /etc/pam.d/su on 5.3 includes /etc/pam.d/system, so also make sure they're in sync. Kris pgpyjw1uQaCPf.pgp Description: PGP signature
Re: cannot su?
Kris Kennaway wrote: On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote: /etc/pam.d/su is identical to another machine where everything works ok. You forgot to mention what version (4.x doesn't use /etc/pam.d) oops. 5.3-release. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cannot su?
On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote: > What could be the reasons for "su root" to not work? > > I have a user that's in wheel group. Logging in as root works on the > console, but su-ing from the user just writes 'Sorry', like the > password's wrong. There are no clues in log files. > > /etc/pam.d/su is identical to another machine where everything works ok. You forgot to mention what version (4.x doesn't use /etc/pam.d) Kris pgpff4LZzLQIw.pgp Description: PGP signature