Re: cannot su?

2005-01-17 Thread Ivan Voras 
Michael Nottebrock wrote:
On Sunday, 16. January 2005 01:07, Ivan Voras wrote:
What could be the reasons for su root to not work?
I have a user that's in wheel group. Logging in as root works on the
console, but su-ing from the user just writes 'Sorry', like the
password's wrong. There are no clues in log files.

Make sure /usr/sbin/su is suid root (and /usr isn't mounted nosuid).
Bingo!
It's stupid of me not to have checked that, but this is a very good 
candidate for more information/verbosity - failure mode was just like 
password/credentials were invalid.

I installed the computer from the FreeSBIE live CD, as it already 
includes a bunch of desktop  multimedia programs I use, and during 
installation it seems that suid bits were not replicated!

Thanks for the help!
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-17 Thread Robert Watson 
On Mon, 17 Jan 2005, Ivan Voras wrote:

 I have a user that's in wheel group. Logging in as root works on the
 console, but su-ing from the user just writes 'Sorry', like the
 password's wrong. There are no clues in log files.
  
  Make sure /usr/sbin/su is suid root (and /usr isn't mounted nosuid).
 
 It's stupid of me not to have checked that, but this is a very good
 candidate for more information/verbosity - failure mode was just like
 password/credentials were invalid. 

I've modified the su(1) source in HEAD to print a message if su(1) is
executed without an effective uid of 0 (i.e., as root, or setuid as
another user).  Hopefully this error message will be more suggestive than
sorry: 

  paprika:~/freebsd/commit/src/usr.bin/su ./su
  su: not running setuid

Assuming I didn't shoot any feet, I'll MFC this to RELENG_5 in a couple of
weeks.

Robert N M Watson


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-17 Thread Ivan Voras 
Robert Watson wrote:
I've modified the su(1) source in HEAD to print a message if su(1) is
executed without an effective uid of 0 (i.e., as root, or setuid as
another user).  Hopefully this error message will be more suggestive than
sorry: 

  paprika:~/freebsd/commit/src/usr.bin/su ./su
  su: not running setuid
Assuming I didn't shoot any feet, I'll MFC this to RELENG_5 in a couple of
weeks.
Thanks! :)
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-16 Thread David Malone 
On Sat, Jan 15, 2005 at 10:46:03PM -0500, Robert William Vesterman wrote:
 I have a similar problem, but only after I use X.  I can su perfectly 
 fine before using X, and I can su perfectly fine while using X (and a 
 terminal window), but after exiting X, if I want to su, I have to reboot.

You might want to try the following C program to check that getlogin
is returning the right name at each stage.

David.

10:18:gonzo 17% cat printlogin.c
#include stdio.h
#include unistd.h

int main(void) { puts(getlogin()); }
10:18:gonzo 18% gcc -o printlogin printlogin.c
10:18:gonzo 19% ./printlogin
dwmalone
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-16 Thread Ivan Voras 
Thomas Dymond wrote:
Could this be anything to do with : security.bsd.suser_enabled
what's yours set to ?
security.bsd.suser_enabled: 1
But, I noticed I've got security.mac.* enabled somehow (it's not my 
kernel...) - could MAC be interfering?
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-16 Thread Michael Nottebrock 
On Sunday, 16. January 2005 01:07, Ivan Voras wrote:
 What could be the reasons for su root to not work?

 I have a user that's in wheel group. Logging in as root works on the
 console, but su-ing from the user just writes 'Sorry', like the
 password's wrong. There are no clues in log files.

Make sure /usr/sbin/su is suid root (and /usr isn't mounted nosuid).

-- 
   ,_,   | Michael Nottebrock   | [EMAIL PROTECTED]
 (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org


pgp7JevHKBYyG.pgp
Description: PGP signature

Re: cannot su?

2005-01-16 Thread Thomas Dymond 
+++ Ivan Voras [Sunday 16 January 2005  02:18]:
 Kris Kennaway wrote:
 On Sun, Jan 16, 2005 at 01:15:34AM +0100, Ivan Voras wrote:
 
 Kris Kennaway wrote:
 
 /etc/pam.d/su is identical to another machine where everything works ok.
 
 
 OK.  /etc/pam.d/su on 5.3 includes /etc/pam.d/system, so also make
 sure they're in sync.
 
 /etc/pam.d/system is the same as on the working system.
 ___
 freebsd-stable@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-stable
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 

Could this be anything to do with : security.bsd.suser_enabled

what's yours set to ?



Cheers

-- 
Thomas Dymond

a mouse is a device used to point at the xterm you want to type in

PGP ID : 0x8D423A2B
PGP Key : http://www.kmem.org/~tom/pgp/pubkey.asc


pgpX3VfY7ZEmd.pgp
Description: PGP signature

Re: cannot su?

2005-01-16 Thread Skylar Thompson 
On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote:
 What could be the reasons for su root to not work?
 
 I have a user that's in wheel group. Logging in as root works on the 
 console, but su-ing from the user just writes 'Sorry', like the 
 password's wrong. There are no clues in log files.
 
 /etc/pam.d/su is identical to another machine where everything works ok.

Are you using NIS? I've had issues where the machine tries to look up the
root password using NIS because of improperly placed + and - commands in
/etc/passwd.

-- 
-- Skylar Thompson ([EMAIL PROTECTED])
-- http://www.cs.earlham.edu/~skylar/


pgp5eBPo7aKqm.pgp
Description: PGP signature

cannot su?

2005-01-15 Thread Ivan Voras 
What could be the reasons for su root to not work?
I have a user that's in wheel group. Logging in as root works on the 
console, but su-ing from the user just writes 'Sorry', like the 
password's wrong. There are no clues in log files.

/etc/pam.d/su is identical to another machine where everything works ok.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-15 Thread Kris Kennaway 
On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote:
 What could be the reasons for su root to not work?
 
 I have a user that's in wheel group. Logging in as root works on the 
 console, but su-ing from the user just writes 'Sorry', like the 
 password's wrong. There are no clues in log files.
 
 /etc/pam.d/su is identical to another machine where everything works ok.

You forgot to mention what version (4.x doesn't use /etc/pam.d)

Kris


pgpff4LZzLQIw.pgp
Description: PGP signature

Re: cannot su?

2005-01-15 Thread Ivan Voras 
Kris Kennaway wrote:
On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote:

/etc/pam.d/su is identical to another machine where everything works ok.
You forgot to mention what version (4.x doesn't use /etc/pam.d)
oops. 5.3-release.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-15 Thread Kris Kennaway 
On Sun, Jan 16, 2005 at 01:15:34AM +0100, Ivan Voras wrote:
 Kris Kennaway wrote:
 On Sun, Jan 16, 2005 at 01:07:07AM +0100, Ivan Voras wrote:
 
 /etc/pam.d/su is identical to another machine where everything works ok.
 
 
 You forgot to mention what version (4.x doesn't use /etc/pam.d)
 
 oops. 5.3-release.

OK.  /etc/pam.d/su on 5.3 includes /etc/pam.d/system, so also make
sure they're in sync.

Kris


pgpyjw1uQaCPf.pgp
Description: PGP signature

Re: cannot su?

2005-01-15 Thread Ivan Voras 
Kris Kennaway wrote:
On Sun, Jan 16, 2005 at 01:15:34AM +0100, Ivan Voras wrote:
Kris Kennaway wrote:

/etc/pam.d/su is identical to another machine where everything works ok.

OK.  /etc/pam.d/su on 5.3 includes /etc/pam.d/system, so also make
sure they're in sync.
/etc/pam.d/system is the same as on the working system.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cannot su?

2005-01-15 Thread Robert William Vesterman 
I have a similar problem, but only after I use X.  I can su perfectly 
fine before using X, and I can su perfectly fine while using X (and a 
terminal window), but after exiting X, if I want to su, I have to reboot.

Ivan Voras wrote:
What could be the reasons for su root to not work?
I have a user that's in wheel group. Logging in as root works on the 
console, but su-ing from the user just writes 'Sorry', like the 
password's wrong. There are no clues in log files.

/etc/pam.d/su is identical to another machine where everything works ok.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]