root cannot su to normal user now

To: Debian User List <debian-user@lists.debian.org>
Subject: root cannot su to normal user now
From: Wang Xu <gnawux@gmail.com>
Date: Fri, 30 Sep 2005 08:49:57 +0800
Message-id: <[🔎] da8464b10509291749p63015c01y@mail.gmail.com>
Reply-to: Wang Xu <gnawux@gmail.com>

Hi All,

I have 2 linux computer, one is running testing, and the other is running
unstable.

Now the sid one cannot use `su' to change from root to any user, including
itself.

cannot su - xx
cannot su xx
cannot su xx -c 'command'

but the 'su -c' is improtant for the acpid script for the button of laptop.

The libpam0g version in the sid machine is 0.79-1, and in the etch machine
is 0.76-23, and

I did enable the
  ``auth sufficient pam_rootok.so''
in ``/etc/pam.d/su''

and enable the wheel group in it.

Any advices? Many thanks.

The following is my /etc/pam.d/su, while other setting about pam and login
is shipped with the distribution.

************************************************************

#
# The PAM configuration file for the Shadow `su' service
#

# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo" to
# to the end of this line if you want to use a group other
# than the default "root".
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
auth       required   pam_wheel.so group=adm

# Uncomment this if you want wheel members to be able to
# su without a password.
auth       sufficient pam_wheel.so trust group=adm

# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
auth       required   pam_wheel.so deny group=nosu

# This allows root to su without passwords (normal operation)
auth       sufficient pam_rootok.so

# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account    requisite  pam_time.so

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session    required   pam_limits.so

Reply to:

Follow-Ups:
- Re: root cannot su to normal user now
  - From: Stephen Cormier <s.cormier@gmx.net>
- Re: root cannot su to normal user now
  - From: Wang Xu <gnawux@gmail.com>

Prev by Date: Re: counting bandwidth usage
Next by Date: just wanna switch the menu.lst for grub in the mbr to read
Previous by thread: netkit-inetd vs. inetutils-inetd
Next by thread: Re: root cannot su to normal user now
Index(es):
- Date
- Thread