[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: su: user->root ok, user1->user2 ok, root->user NOK

From: Julio C G Silva <jcgs_tech yahoo com br>
To: pam-list redhat com
Subject: Re: su: user->root ok, user1->user2 ok, root->user NOK
Date: Sat, 5 Jan 2002 01:09:51 -0200

On Friday 04 January 2002 02:02 pm, you wrote:

[root@andromeda i386]# cat /etc/issue
Red Hat Linux release 7.2 (Enigma)

[root@andromeda i386]# pwd
/data/Genesis/Soft/r/RedHat/binario/7.2/Update/i386
[root@andromeda i386]# ls -lA pam*
-rwxr-xr-x    1 julio    julio      741466 Oct 31 18:27 pam-0.75-16.i386.rpm
-rwxr-xr-x    1 julio    julio      747244 Nov 14 19:44 pam-0.75-19.i386.rpm
-rwxr-xr-x    1 julio    julio       69609 Oct 31 18:23 
pam-devel-0.75-16.i386.rpm
-rwxr-xr-x    1 julio    julio       70010 Nov 14 19:36 
pam-devel-0.75-19.i386.rpm
[root@andromeda i386]#

[julio@andromeda julio]$ su
Password:
[root@andromeda julio]# su julio
[julio@andromeda julio]$ cat /etc/pam.d/su
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so

[julio@andromeda julio]$ rpm -qi pam
Name        : pam                          Relocations: (not relocateable)
Version     : 0.75                              Vendor: Red Hat, Inc.
Release     : 19                            Build Date: Fri 09 Nov 2001 
02:30:47 PM BRST
Install date: Tue 25 Dec 2001 07:36:39 PM BRST      Build Host: 
stripples.devel.redhat.com
Group       : System Environment/Base       Source RPM: pam-0.75-19.src.rpm
Size        : 2153477                          License: GPL or BSD
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://www.us.kernel.org/pub/linux/libs/pam/index.html
Summary     : A security tool which provides authentication for applications.
Description :
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.
[julio@andromeda julio]$

> Hi, I'm having a trouble with su and pam-0.75 (with absolutely
> no patches, just the original tarball).
>
> As a regular user, I can su to root as usual, just giving
> root's password. I can also su from a regular user to another
> one without problems.
>
> BUT, as root, I cannot su at all, getting this prmission denied error:
>
> [andreas@pandora Linux-PAM]$ su
> Password:
> [root@pandora Linux-PAM]# su andreas
> su: Permission denied
> [root@pandora Linux-PAM]#
>
> /etc/pam.d/su is quite normal:
> #%PAM-1.0
> auth       required	/lib/security/pam_unix.so shadow nullok
> account    required	/lib/security/pam_unix.so
> password   required	/lib/security/pam_cracklib.so
> password   required	/lib/security/pam_unix.so shadow use_authtok nullok
> session    required	/lib/security/pam_unix.so
> session    optional     /lib/security/pam_xauth.so
>
> The logs:
> Jan  4 13:57:38 pandora su(pam_unix)[1669]: session opened for user root by
> andreas(uid=681) Jan  4 13:57:40 pandora su(pam_unix)[1671]: session opened
> for user andreas by andreas(uid=0) Jan  4 13:57:40 pandora
> su(pam_unix)[1671]: session closed for user andreas
>
> Note that the session was opened, but closed right away. Any clues?
> I also tried a CVS copy, same problem.
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

-- 
==========================================================
Julio C G Silva
---------------------------------------------------------------------------------
Red Hat Linux User - Enigma [7.2]
==========================================================

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Follow-Ups:
- Re: su: user->root ok, user1->user2 ok, root->user NOK
  - From: Andreas Hasenack <andreas@conectiva.com.br>

References:
- su: user->root ok, user1->user2 ok, root->user NOK
  - From: Andreas Hasenack <andreas@conectiva.com.br>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []