On Wed, 17 Jun 2020 15:19:14 +0100
Ken Moffat <[email protected]> wrote:
> I've now completed, and booted, a build of the new-style LFS. I'm
> loggied in (and using ssh to write this post). Both my normal
> users (ken, lfs), as well as root can login - so the passwords are
> correct.
>
> But only root can su, so I'm not going to be able to build anything
> after I've built X and run 'startx'.
>
> If I try to su, either to root or to another user, I get:
>
> ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> Password:
> su: Authentication failure
>
> And /var/log/auth.log shows
>
> Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:rootJun 17 14:49:10
> plexi su[14077]: Authentication failed for root Jun 17 14:49:10 plexi
> su[14077]: FAILED su for root by lfs Jun 17 14:49:10 plexi su[14077]:
> - /dev/tty2 lfs:root [...]
> Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
>
> At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
>
> Looking at shadow, I've made two changes since my last successful
> build:
>
> First, I applied the change to make the first user 1000 (until now I
> had omitted that)
>
> sed -i 's/1000/999/' etc/useradd
>
> Second, I changed the sed to force SHA512 to match the book (just
> reformatting) and git shows the following for my change:
>
> -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> + -e 's@/var/spool/mail@/var/mail@' \
> + -i etc/login.defs 2>$KM_LOG
>
> I'm at a loss to know where I should be looking. Any suggestions,
> please ?
>
> ĸen
Check these perms first
sudo owned by root:root and has chmod +s
libexec/sudo/sudoers.so owned by root:root
chmod 440 /etc/sudoers
chown 0:0 /etc/sudoers
chown 0:0 /etc/sudoers.d
chown 0:0 /etc/sudoers.d/lfs-no-passwd
chmod 440 /etc/sudoers.d/lfs-no-passwd
--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
Do not top post on this list.
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
http://en.wikipedia.org/wiki/Posting_style
