On Tue, 2005-02-08 at 19:02 -0800, Mike Payson wrote: > > More info... I tried adding a test user & su'ing to that from my main > > user, and I can't do that either. This suggests that the problem isn't > > related to becoming root, but that something is corrupt. The user was > > created successfully, the shadow file looks fine to me, and I can su > > to other users from root, but clearly somewhere something isn't > > working right. > > > This is still not working... The logs don't say much, just: > > Feb 8 18:51:18 [su] pam_authenticate: Permission denied
I can't duplicate the Permission denied error, no matter how much I mess with PAM. However, given that I would verify /etc/pam.d/su is correct. Here is what mine looks like: #%PAM-1.0 auth sufficient /lib/security/pam_rootok.so # If you want to restrict users begin allowed to su even more, # create /etc/security/suauth.allow (or to that matter) that is only # writable by root, and add users that are allowed to su to that # file, one per line. #auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow # Uncomment this to allow users in the wheel group to su without # entering a passwd. #auth sufficient /lib/security/pam_wheel.so use_uid trust # Alternatively to above, you can implement a list of users that do # not need to supply a passwd with a list. #auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass # Comment this to allow any user, even those not in the 'wheel' # group to su auth required /lib/security/pam_wheel.so use_uid auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_env.so session optional /lib/security/pam_xauth.so If that doesn't work, then I would re-emerge shadow (which provides su) and pam. Regards, Paul -- My Gentoo stuff: http://varnerfamily.org/pvarner/gentoo -- [email protected] mailing list
