root cannot su to normal user now
Hi All,
I have 2 linux computer, one is running testing, and the other is running
unstable.
Now the sid one cannot use `su' to change from root to any user, including
itself.
cannot su - xx
cannot su xx
cannot su xx -c 'command'
but the 'su -c' is improtant for the acpid script for the button of laptop.
The libpam0g version in the sid machine is 0.79-1, and in the etch machine
is 0.76-23, and
I did enable the
``auth sufficient pam_rootok.so''
in ``/etc/pam.d/su''
and enable the wheel group in it.
Any advices? Many thanks.
The following is my /etc/pam.d/su, while other setting about pam and login
is shipped with the distribution.
************************************************************
#
# The PAM configuration file for the Shadow `su' service
#
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo" to
# to the end of this line if you want to use a group other
# than the default "root".
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
auth required pam_wheel.so group=adm
# Uncomment this if you want wheel members to be able to
# su without a password.
auth sufficient pam_wheel.so trust group=adm
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
auth required pam_wheel.so deny group=nosu
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-session
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session required pam_limits.so
Reply to: