On Sat, 10 Apr 2004 22:28:31 +1200, you wrote: > >Nick Rout <[EMAIL PROTECTED]> writes: > >> On Sat, 10 Apr 2004 18:07, Christopher Sawtell wrote: >> > On Saturday 10 April 2004 16:41, Andrew Tarr wrote: >> > > su: Authentication Failure >> > > Sorry. >> > >> > On ye olde Unix, and some Linux distributions, you have to be a member of >> > the wheel group to be able to su. I'm now sure if this is current Debian >> > policy, but it's worth a try. >> >> >> I'm pretty sure that is the position on debian. >> >> well i was until i booted mepis (debian based) to check the position. it does >> not contain a wheel group, and I can su to root. >> >> check it out anyway, mepis may have changed things. >> > >I have already tried adding that (as you would know if you read my >post more carefully :] ). Doesn't help. Moreover, the line that does >that is commented out in pam.d/su : > ># auth required pam_wheel.so group=wheel > >just for fun I uncommented this line > >#auth sufficient pam_wheel.so trust > >which claims it allows wheel members to su without a password. >it still doesn't work, but there's a different error message: > >su: Authentication service cannot retrieve authentication info. > >lovely. But at least I know changes to the pam.d files does >something. > >FWIW, I've never had difficulties with su'ing with debian before, >and I've never had a wheel group. > >--
Well, the problem is that PAM is screwed. Does it log to a file, like /var/log/auth.log? That may get you a bit further to unscrewing it. You may need to enable this through /etc/syslog.conf. Debug mode for pam can be enabled, but it always seems to be a black art to getting it running. usually, tacking a debug option at the end of the auth required pam_wheel... line in /etc/pam.d/su file works. Then you need to send *.debug to a file somewhere in /etc/syslog.conf, make sure that the file exists, and then restart syslogd. If you're using debian, it might be worth running an apt-get update, just to see if there's something out of kilter, I must admit to running a b*stardised version of Fedora, which I know isn't PC in this group (^: Cheers, Steve FWIW, In the 20+ years that I've been using *nices for a living, it wasn't until I used Linux that I even heard of the wheel group.
