Re: remote su root: SORRY
On Thu, 24 Nov 2005, Paul Yiu wrote: > > > Sigh. Exact details please. Does su print "Sorry"? Or anything else? > > > Some things you can do to isolate the problem: > > > > 1. Login on console as pyiu and try to su. > Yes that worked ok inserial console. > $ su > Password: > # > > > > 2. When logged in, ssh to localhost as pyiu and then try to su > > It failed to su. > > -bash-3.00$ ssh [EMAIL PROTECTED] > -bash-3.00$ su Password: > Sorry In this case, were you logged in on console originally? Or via the ssh.com client? If the latter is the case, I suspect some keyboard mapping problem with that client. -Otto > > > > Please give exact reports on what is printed on screen and written to > > > authlog in these cases. > > This is authlog when successed to login from SSH to localhost login as pyiu > and su. > Nov 24 10:00:00 unix1 su: pyiu to root on /dev/ttys0 > > This is authlog when failed to login from SSH to localhost login as pyiu and > su. > Nov 24 10:00:46 unix1 su: BAD SU pyiu to root on /dev/ttyp0 > > > > If that does not give a clue, I might need to add some debug code to > > > su to see what is going on. > > > > -Otto > > -- > Regards, > Paul Yiu > Senior Systems & Network Administrator > > Max eCommerce Pty Ltd. > http: www.maxecommerce.com > Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 > Email: [EMAIL PROTECTED] > > > This email and any attachments are confidential and may be subject to > copyright, legal or some other professional privilege. They are intended > solely for the attention and use of the named addressee(s). > They may only be copied, distributed or disclosed with the consent of the > copyright owner. If you have received this email by mistake or by breach of > the confidentiality clause, please notify the sender immediately by return > email and delete or destroy all copies of the email. Any confidentiality, > privilege or copyright is not waived or lost because this email has been sent > to you by mistake. > > > Otto Moerbeek wrote: > > > On Wed, 23 Nov 2005, Paul Yiu wrote: > > > > > > > Hi Otto, > > > > > > > > > > > I would like to see the output of userinfo pyiu. Added to that, the > > > > > output of getcap -f /etc/login.conf class, where class is the login > > > > > class of teh user, as reported by userinfo. > > > > > > > > login pyiu > > > passwd WhatEverWasHere > > > uid 1002 > > > groups users wheel > > > change NEVER > > > class gecos Paul Yiu > > > dir /home/pyiu > > > shell /usr/local/bin/bash > > > expire NEVER > > > > > > pyiu do not assign to any class as shown above. > > > -bash-3.00# getcap -f /etc/login.conf default > > > default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin > > > /usr/local/bin: :umask=022: :datasize-max=256M: > > > :datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64: > > > :openfiles-cur=64: :stacksize-cur=4M: :localcipher=blowfish,6: > > > :ypcipher=old: :auth=passwd,skey: :auth-ftp=passwd: > > > > > > > > > > > Also, we need to see the exact command line used and errors reported. > > > > > Not just some vague description. > > > I use ssh.com client 3.2.9 to login as pyiu and type su to su as root and > > > what has been capture in /var/log/authlog is > > > Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0 > > > I can provide more details if necessery. > > > > > > > Sigh. Exact details please. Does su print "Sorry"? Or anything else? > > > > Some things you can do to isolate the problem: > > > > 1. Login on console as pyiu and try to su. > > 2. When logged in, ssh to localhost as pyiu and then try to su > > > > Please give exact reports on what is printed on screen and written to > > authlog in these cases. > > > > If that does not give a clue, I might need to add some debug code to > > su to see what is going on. > > > > -Otto
Re: remote su root: SORRY
>>Sigh. Exact details please. Does su print "Sorry"? Or anything else? >>Some things you can do to isolate the problem: >>1. Login on console as pyiu and try to su. Yes that worked ok inserial console. $ su Password: # >>2. When logged in, ssh to localhost as pyiu and then try to su It failed to su. -bash-3.00$ ssh [EMAIL PROTECTED] -bash-3.00$ su Password: Sorry >>Please give exact reports on what is printed on screen and written to >>authlog in these cases. This is authlog when successed to login from SSH to localhost login as pyiu and su. Nov 24 10:00:00 unix1 su: pyiu to root on /dev/ttys0 This is authlog when failed to login from SSH to localhost login as pyiu and su. Nov 24 10:00:46 unix1 su: BAD SU pyiu to root on /dev/ttyp0 >>If that does not give a clue, I might need to add some debug code to >>su to see what is going on. >> -Otto -- Regards, Paul Yiu Senior Systems & Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED] This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake. Otto Moerbeek wrote: >On Wed, 23 Nov 2005, Paul Yiu wrote: > > > >>Hi Otto, >> >> >> I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of teh user, as reported by userinfo. >>login pyiu >>passwd WhatEverWasHere >>uid 1002 >>groups users wheel >>change NEVER >>class >>gecos Paul Yiu >>dir /home/pyiu >>shell /usr/local/bin/bash >>expire NEVER >> >>pyiu do not assign to any class as shown above. >>-bash-3.00# getcap -f /etc/login.conf default >>default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin >>/usr/local/bin: :umask=022: :datasize-max=256M: >>:datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64: >>:openfiles-cur=64: :stacksize-cur=4M: >>:localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey: >>:auth-ftp=passwd: >> >> >> Also, we need to see the exact command line used and errors reported. Not just some vague description. >>I use ssh.com client 3.2.9 to login as pyiu and type su to su as root >>and what has been capture in /var/log/authlog is >>Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0 >>I can provide more details if necessery. >> >> > >Sigh. Exact details please. Does su print "Sorry"? Or anything else? > >Some things you can do to isolate the problem: > >1. Login on console as pyiu and try to su. >2. When logged in, ssh to localhost as pyiu and then try to su > >Please give exact reports on what is printed on screen and written to >authlog in these cases. > >If that does not give a clue, I might need to add some debug code to >su to see what is going on. > > -Otto
Re: remote su root: SORRY
Hi Chad, Yes, with sudo su - worked ok, great thanks. I really want su instead of sudo su - due to other admin in my company I want to keep this consistant. Any idea what causes the su failed? I got many openbsd server running and they are with same config but able to su without this problem. -- Regards, Paul Yiu Senior Systems & Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED] This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake. Chad M Stewart wrote: On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote: Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root. $ su Password: Sorry $ sudo su - Password: Results in the following entry in /var/log/authlog Nov 23 08:09:54 sabus su: BAD SU chad to root on /dev/ttyp0 I don't think the problem is with the serial console or ssh. I suspect the problem is user error. Assuming you've adjusted sudo to allow people in the wheel group, great. Then they must use sudo to run the commands. Look at my example above. The first time I simply tried using 'su' and obviously did not enter the root password. While in the next example I entered 'sudo su -' and then entered my password when prompted which then granted me a root prompt. -Chad
Re: remote su root: SORRY
On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote: Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root. $ su Password: Sorry $ sudo su - Password: Results in the following entry in /var/log/authlog Nov 23 08:09:54 sabus su: BAD SU chad to root on /dev/ttyp0 I don't think the problem is with the serial console or ssh. I suspect the problem is user error. Assuming you've adjusted sudo to allow people in the wheel group, great. Then they must use sudo to run the commands. Look at my example above. The first time I simply tried using 'su' and obviously did not enter the root password. While in the next example I entered 'sudo su -' and then entered my password when prompted which then granted me a root prompt. -Chad
Re: remote su root: SORRY
On Wed, 23 Nov 2005, Paul Yiu wrote: > Hi Otto, > > >>I would like to see the output of userinfo pyiu. Added to that, the > >>output of getcap -f /etc/login.conf class, where class is the login > >>class of teh user, as reported by userinfo. > > login pyiu > passwd WhatEverWasHere > uid 1002 > groups users wheel > change NEVER > class > gecos Paul Yiu > dir /home/pyiu > shell /usr/local/bin/bash > expire NEVER > > pyiu do not assign to any class as shown above. > -bash-3.00# getcap -f /etc/login.conf default > default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin > /usr/local/bin: :umask=022: :datasize-max=256M: > :datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64: > :openfiles-cur=64: :stacksize-cur=4M: > :localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey: > :auth-ftp=passwd: > > >>Also, we need to see the exact command line used and errors reported. > >>Not just some vague description. > > I use ssh.com client 3.2.9 to login as pyiu and type su to su as root > and what has been capture in /var/log/authlog is > Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0 > I can provide more details if necessery. Sigh. Exact details please. Does su print "Sorry"? Or anything else? Some things you can do to isolate the problem: 1. Login on console as pyiu and try to su. 2. When logged in, ssh to localhost as pyiu and then try to su Please give exact reports on what is printed on screen and written to authlog in these cases. If that does not give a clue, I might need to add some debug code to su to see what is going on. -Otto
Re: remote su root: SORRY
Hi Otto, >>I would like to see the output of userinfo pyiu. Added to that, the >>output of getcap -f /etc/login.conf class, where class is the login >>class of teh user, as reported by userinfo. login pyiu passwd WhatEverWasHere uid 1002 groups users wheel change NEVER class gecos Paul Yiu dir /home/pyiu shell /usr/local/bin/bash expire NEVER pyiu do not assign to any class as shown above. -bash-3.00# getcap -f /etc/login.conf default default::path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin: :umask=022: :datasize-max=256M: :datasize-cur=75M: :maxproc-max=128: :maxproc-cur=64: :openfiles-cur=64: :stacksize-cur=4M: :localcipher=blowfish,6::ypcipher=old: :auth=passwd,skey: :auth-ftp=passwd: >>Also, we need to see the exact command line used and errors reported. >>Not just some vague description. I use ssh.com client 3.2.9 to login as pyiu and type su to su as root and what has been capture in /var/log/authlog is Nov 21 11:27:02 openbsd1 su: BAD SU pyiu to root on /dev/ttyp0 I can provide more details if necessery. -- Regards, Paul Yiu Senior Systems & Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED] This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake. Otto Moerbeek wrote: >On Mon, 21 Nov 2005, Lars Hansson wrote: > > > >>On Mon, 21 Nov 2005 14:02:17 +1100 >>Paul Yiu <[EMAIL PROTECTED]> wrote: >> >> >>>/etc/passwd >>>pyiu:*:1002:10:P Yiu:/home/pyiu:/usr/local/bin/bash >>> >>>/etc/group >>>wheel:*:0:root,pyiu >>> >>> >>10 != 0 >> >> > >Indeed, but what does that have to do with the problem? You do not >have to have wheel as primary group to be able to use su(1). > >I would like to see the output of userinfo pyiu. Added to that, the >output of getcap -f /etc/login.conf class, where class is the login >class of teh user, as reported by userinfo. > >Also, we need to see the exact command line used and errors reported. >Not just some vague description. > > -Otto
Re: remote su root: SORRY
On Mon, 21 Nov 2005 09:37:17 +0100 (CET) Otto Moerbeek <[EMAIL PROTECTED]> wrote: > Indeed, but what does that have to do with the problem? You do not > have to have wheel as primary group to be able to use su(1). Indeed, I'm totally wrong. I missed the puyi at the end of the group entry. Just ignore this silly post. --- Lars Hansson
Re: remote su root: SORRY
On Mon, 21 Nov 2005, Lars Hansson wrote: > On Mon, 21 Nov 2005 14:02:17 +1100 > Paul Yiu <[EMAIL PROTECTED]> wrote: > > /etc/passwd > > pyiu:*:1002:10:P Yiu:/home/pyiu:/usr/local/bin/bash > > > > /etc/group > > wheel:*:0:root,pyiu > > 10 != 0 Indeed, but what does that have to do with the problem? You do not have to have wheel as primary group to be able to use su(1). I would like to see the output of userinfo pyiu. Added to that, the output of getcap -f /etc/login.conf class, where class is the login class of teh user, as reported by userinfo. Also, we need to see the exact command line used and errors reported. Not just some vague description. -Otto
Re: remote su root: SORRY
On Mon, 21 Nov 2005 14:02:17 +1100 Paul Yiu <[EMAIL PROTECTED]> wrote: > /etc/passwd > pyiu:*:1002:10:P Yiu:/home/pyiu:/usr/local/bin/bash > > /etc/group > wheel:*:0:root,pyiu 10 != 0 --- Lars Hansson
Re: remote su root: SORRY
Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh as a user and try to su. System said sorry and I check /var/log/authlog it said BAD SU pyiu to root on /dev/ttyp0. I can ssh in as root, but not su as root. Please find following lines from config file. /etc/passwd pyiu:*:1002:10:P Yiu:/home/pyiu:/usr/local/bin/bash /etc/group wheel:*:0:root,pyiu /etc/ttys ttyp0 nonenetwork /var/log/authlog su: BAD SU pyiu to root on /dev/ttyp0 -- Regards, Paul Yiu Senior Systems & Network Administrator Max eCommerce Pty Ltd. http: www.maxecommerce.com Ph: +61 02 9651 3422 Fax: +61 02 9651 4622 Email: [EMAIL PROTECTED] This email and any attachments are confidential and may be subject to copyright, legal or some other professional privilege. They are intended solely for the attention and use of the named addressee(s). They may only be copied, distributed or disclosed with the consent of the copyright owner. If you have received this email by mistake or by breach of the confidentiality clause, please notify the sender immediately by return email and delete or destroy all copies of the email. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you by mistake.