Problem fixed. /etc/fstab had the root file system mounted with the users option, which disabled the requisite setuid bit on the /bin/su executable, thereby preventing me from su'ing to root from a non-root user. This was despite the fact that the non-root user was in the wheel group.
Thanks again for your help.

Kris Kerwin

On Wednesday 02 August 2006 01:10, Kris Kerwin wrote:
> Hi all,
>
> I just performed a new Gentoo install, and am having a couple of issues
> regarding authentication. I think that the problem is something to do with
> PAM/Shadow. (No ... it's not the blocking issue between pam-login and
> shadow).
>
> I run a single user system with just users for myself (username: kris) and
> root. I cannot su into the root account from my personal account. I have
> added kris to the group wheel using the `gpasswd -a kris wheel', but still
> cannot su. I verified that kris is in the wheel group by logging in and
> trying the `groups' command.
>
> Then, I tried editing `/etc/pam.d/su' and commenting out the line `auth
> required pam_wheel.so use_uid', as the comment above it states that doing
> so will allow users who are not in the wheel group to su. Still, no joy.
> Other comments in that file state that you may give explicit rights to
> specific users by creating the file `/etc/security/suauth.allow' with each
> allowed user on their own line. Still, no joy.
>
> On a (possibly) related note: while trying to switch from a graphical login
> to a virtual console to work on some of these problems, I found that the
> usual Ctrl-Alt-F* incantation did not work. The only way to switch to a
> virtual console was to right click on the desktop and go through the
> `Switch User' menu function on KDE. Further, when switching back to the
> graphical login from the console, I found that the screensaver had come on
> and had locked the desktop (though this was disabled within KDE's
> configuration). The big problem, however, came when I could not unlock the
> screensaver with my password.
>
> Also, kris' attempts to change his passwd are met with the error:
> `Authentication token manipulation error'.
>
> Thanks in advance for all of your help. System information is appended
> below.
>
> Kris Kerwin
>
>
>
> ========== System Info ==========
>
> I run `pam-0.78-r3 USE=berkdb' and `shadow-4.0.15-r2 USE=nls pam' on the
> following system:
>
> Portage 2.1-r1 (!/usr/portage/profiles/default-linux/x86/2006.0, gcc-3.4.6,
> glibc-2.3.6-r4, 2.6.16-suspend2-r8 i686)
> =================================================================
> System uname: 2.6.16-suspend2-r8 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
> Gentoo Base System version 1.6.15
> app-admin/eselect-compiler: [Not Present]
> dev-lang/python: 2.4.3-r1
> dev-python/pycrypto: 2.0.1-r5
> dev-util/ccache: [Not Present]
> dev-util/confcache: [Not Present]
> sys-apps/sandbox: 1.2.17
> sys-devel/autoconf: 2.13, 2.59-r7
> sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
> sys-devel/binutils: 2.16.1-r3
> sys-devel/gcc-config: 1.3.13-r3
> sys-devel/libtool: 1.5.22
> virtual/os-headers: 2.6.11-r2
> ACCEPT_KEYWORDS="x86"
> AUTOCLEAN="yes"
> CBUILD="i686-pc-linux-gnu"
> CFLAGS="-march=pentium4 -O3 -pipe"
> CHOST="i686-pc-linux-gnu"
> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
> /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
> /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
> /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf
> /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -mcpu=i686 -pipe"
> DISTDIR="/usr/portage/distfiles"
> FEATURES="autoconfig ccache cvs distlocks fixpackages metadata-transfer
> notitles sandbox sfperms strict userpriv"
> GENTOO_MIRRORS="http://distfiles.gentoo.org
> http://distro.ibiblio.org/pub/linux/distributions/gentoo"
> MAKEOPTS="-j3"
> PKGDIR="/usr/portage/packages"
> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
> --compress --force --whole-file --delete --delete-after --stats
> --timeout=180 --exclude='/distfiles' --exclude='/local'
> --exclude='/packages'" PORTAGE_TMPDIR="/tmp/build"
> PORTDIR="/usr/target/ports"
> SYNC="rsync://rsync.gentoo.org/gentoo-portage"
> USE="x86 X acpi adns aim alsa apache2 apm arts artswrappersuid asm
> audiofile avi berkdb bitmap-fonts bzip2 cddb cdparanoia cli crypt cups dga
> divx4linux dlloader doc dri dvb dvd dvdr dvdread eds emboss encode esd
> ethereal f77 font-server foomaticdb fortran gdbm gif gnome gpm gstreamer
> gtk gtk2 heimdal icq imlib ipv6 isdnlog jabber java javascript jikes
> joystick jpeg kde kerberos koffice-plugin libg++ libwww mad mikmod mime
> motif mp3 mpeg mplayer msn ncurses nls nocd nptl offensive ogg opengl oscar
> oss pam pcre pda pdflib perl png posix pppd python qt qt3 qt4 quicktime
> readline real reflection sdl session smime spell spl sse ssl svg tcpd
> truetype truetype-fonts type1-fonts udev unicode usb videos vorbis wmf xine
> xinerama xml xmms xorg xscreensaver xv yahoo zlib elibc_glibc
> input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux
> userland_GNU video_cards_radeon"
> Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
> LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

--
gentoo-user@gentoo.org mailing list
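
An added example, not part of the original message: a shell function that reads an fstab-format file and reports whether setuid bits are honoured on a given mount point, applying the options left to right as mount(8) documents (`user`, `users`, `owner` and `group` imply `nosuid` unless a later `suid` overrides them). The function names, device names and sample fstab are constructed for illustration.

```shell
#!/bin/sh
# effective_suid FSTAB MOUNTPOINT
#   Prints "suid" or "nosuid" for the entry mounted at MOUNTPOINT.
#   Exit status 2 if the mount point is not listed.
effective_suid() {
    awk -v mp="$2" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $2 == mp {
            suid = 1                        # kernel default: setuid honoured
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {      # later options override earlier
                o = opt[i]
                if (o == "nosuid" || o == "user" || o == "users" ||
                    o == "owner"  || o == "group")
                    suid = 0                # each of these implies nosuid
                else if (o == "suid" || o == "defaults")
                    suid = 1                # explicit re-enable
            }
            print (suid ? "suid" : "nosuid")
            found = 1
            exit
        }
        END { if (!found) exit 2 }
    ' "$1"
}

# Constructed sample; the root entry mirrors the misconfiguration in the post.
sample_fstab() {
    cat <<'EOF'
# <fs>      <mountpoint> <type>  <opts>           <dump/pass>
/dev/hda3   /            ext3    noatime,users    0 1
/dev/hda5   /home        ext3    users,suid       0 2
/dev/hda6   /var         ext3    defaults,nosuid  0 2
/dev/cdrom  /mnt/cdrom   iso9660 noauto,ro,user   0 0
EOF
}

# Report every sample mount point; "/" comes out as nosuid, so /bin/su
# on that file system would run without root privileges.
tmp=$(mktemp) && sample_fstab > "$tmp"
for m in / /home /var /mnt/cdrom; do
    printf '%-12s %s\n' "$m" "$(effective_suid "$tmp" "$m")"
done
rm -f "$tmp"
```

On a live system, pass `/etc/fstab` as the first argument, and compare the result with the options shown for the same mount point in `/proc/mounts`.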