Find the answer to your Linux question:
Page 2 of 4 FirstFirst 1 2 3 4 LastLast
Results 11 to 20 of 36
Sorry, that should have been /var/log/auth.log....
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578

    Sorry, that should have been /var/log/auth.log.

  2. #12
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    There is no log by that name either!!
    but i could post the output of strace

    can a log be made for it? ... even if i have to do the kernel again

    could i of missed something in the kernel/modules
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  3. #13
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    Perform an su attempt and paste in the output from following commands,

    Code:
    tail /var/log/secure;tail /var/log/messages
    Regards

    Andutt

  4. $spacer_open
    $spacer_close
  5. #14
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    Mar 1 05:44:05 loft306 unix_chkpwd[25509]: check pass; user unknown
    Mar 1 05:44:05 loft306 su(pam_unix)[25508]: authentication failure; logname= uid=1000 euid=1000 tty=pts/0 ruser=taz rhost= user=root
    Mar 1 05:44:08 loft306 su[25508]: pam_authenticate: Authentication failure
    bash-2.05b$

    i beleave this is the same as posted above

    And to add this: i cant su to any user not just root
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  6. #15
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    While an strace output would normally be useful, it kind of beats the purpose when run on su, since it prevents the setuid to be effective on su (and thus the shadow passwd routines won't work). That's the great problem with debugging su...

    Maybe there's something strange in your PAM config. Could you post the contents of /etc/pam.d/su and /etc/pam.d/system-auth?

  7. #16
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    /etc/pam.d/su:
    #%PAM-1.0

    auth sufficient /lib/security/pam_rootok.so

    # If you want to restrict users begin allowed to su even more,
    # create /etc/security/suauth.allow (or to that matter) that is only
    # writable by root, and add users that are allowed to su to that
    # file, one per line.
    #auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

    # Uncomment this to allow users in the wheel group to su without
    # entering a passwd.
    #auth sufficient /lib/security/pam_wheel.so use_uid trust

    # Alternatively to above, you can implement a list of users that do
    # not need to supply a passwd with a list.
    #auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

    # Comment this to allow any user, even those not in the 'wheel'
    # group to su
    auth required /lib/security/pam_wheel.so use_uid

    auth required /lib/security/pam_stack.so service=system-auth

    account required /lib/security/pam_stack.so service=system-auth

    password required /lib/security/pam_stack.so service=system-auth

    session required /lib/security/pam_stack.so service=system-auth
    session optional /lib/security/pam_xauth.so






    /etc/pam.d/system-auth:

    #%PAM-1.0

    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_unix.so likeauth nullok
    auth required /lib/security/pam_deny.so

    account required /lib/security/pam_unix.so

    password required /lib/security/pam_cracklib.so retry=3
    password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
    password required /lib/security/pam_deny.so

    session required /lib/security/pam_limits.so
    session required /lib/security/pam_unix.so

    ok i uncommented the red line above then tried to su without a password and got this error:
    bash-2.05b$ su
    su: Authentication service cannot retrieve authentication info.
    Sorry.


    i comented out blue area and got this error msg
    bash-2.05b$ su
    su: Permission denied
    Sorry.
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  8. #17
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    It's just so strange that it complains about `user unknown'. Especially so that only su complains about it and not the login program...

    Check so that /sbin/unix_chkpwd really is SUID root. If it is, I still don't know what to do other than a trace. However, a ltrace would probably be more useful than a strace in this situation. You might also want to pipe it through the following before posting it here.
    Code:
    sed 's/your_root_password/xxx/g'

  9. #18
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    well this is the permessions:

    -r-sr-xr-x 1 root root 19000 Nov 28 11:19 /sbin/unix_chkpwd
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  10. #19
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Yeah, it's SUID root. I dunno... try an ltrace.

  11. #20
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Btw., depending on your kernel, you might be able to {s,l}trace it properly. Try starting su as a user, but before entering the password, log in as root and try to attach {s,l}trace to it with the -p option. Depending on the kernel, it will either succeed, or you'll get an EPERM.

Page 2 of 4 FirstFirst 1 2 3 4 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •