Re: [lfs-support] Users cannot su in svn-20200616
On Wed, Jun 17, 2020 at 01:51:49PM -0400, Scott Andrews wrote:
> On Wed, 17 Jun 2020 18:45:44 +0100
> Ken Moffat wrote:
>
> > On Wed, Jun 17, 2020 at 12:19:25PM -0400, Scott Andrews wrote:
> > > On Wed, 17 Jun 2020 15:19:14 +0100
> > > Ken Moffat wrote:
> > >
>
> Check the perms on the su files, owned by root and setuid
>

Thanks - that seems to be it.

On my 9.1 system:

ken@llamedos ~ $ls -l /bin/su /etc/login.*
-rwsr-xr-x 1 root root 74360 Mar 5 22:10 /bin/su
-rw-r--r-- 1 root root 2006 Mar 5 22:10 /etc/login.access
-rw-r--r-- 1 root root 11993 Mar 5 22:10 /etc/login.defs

but on the new build:

-rwxr-xr-x 1 root root 61960 Jun 17 02:01 /bin/su
-rw-r--r-- 1 root root 2006 Jun 16 23:34 /etc/login.access
-rw-r--r-- 1 root root 11993 Jun 16 23:34 /etc/login.defs

Note that on the new build the program was updated about 2 and a
half hours after the other files - that was when I ran 'Stripping
Again'.

Trying 'chmod 4755 /bin/su' corrects those perms and now lets me su.

I'll have a look to see if any other programs have lost +s.

ĸen
--
He died at the console, of hunger and thirst.
Next day he was buried, face-down, nine-edge first.
 - the perfect programmer
--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Do not top post on this list.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

http://en.wikipedia.org/wiki/Posting_style
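The check mentioned at the end of the message above, looking for other programs that have lost +s, can be done by comparing an `ls -l` listing from a known-good system with one from the new build. The script below is an added example, not part of the thread; its function names and the /bin/passwd rows in the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report programs that were setuid/setgid in a reference
# `ls -l` listing but lost the bit, changed owner, or are absent in a second
# listing. Assumes paths without whitespace (path = last field).

# Constructed sample listings. The /bin/su and /etc/login.defs rows are the
# ones quoted in the thread; the /bin/passwd rows are made up.
sample_reference() {
    cat <<'EOF'
-rwsr-xr-x 1 root root 74360 Mar 5 22:10 /bin/su
-rwsr-xr-x 1 root root 70000 Mar 5 22:10 /bin/passwd
-rw-r--r-- 1 root root 11993 Mar 5 22:10 /etc/login.defs
EOF
}
sample_new_build() {
    cat <<'EOF'
-rwxr-xr-x 1 root root 61960 Jun 17 02:01 /bin/su
-rwsr-xr-x 1 root root 60000 Jun 17 02:01 /bin/passwd
-rw-r--r-- 1 root root 11993 Jun 16 23:34 /etc/login.defs
EOF
}

# list_special DIR...: `ls -l` rows for setuid/setgid regular files, for
# producing the reference listing on a known-good system.
list_special() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} +
}

# lost_special_bits REFERENCE CURRENT: prints one line per regression and
# returns 1 if there is any, 0 otherwise.
lost_special_bits() {
    awk '
        # Characters 4 and 7 of the mode string are s or S when the
        # setuid / setgid bit is set.
        function special(mode,   s) {
            s = ""
            if (substr(mode, 4, 1) ~ /[sS]/) s = s "u"
            if (substr(mode, 7, 1) ~ /[sS]/) s = s "g"
            return s
        }
        function add(list, item) { return (list == "" ? item : list ", " item) }
        NF < 9 || $1 !~ /^-/ { next }     # skip "total" rows and non-files
        FNR == NR {                        # first file: the reference
            if (special($1) != "") { path[++n] = $NF; rmode[$NF] = $1; rown[$NF] = $3 }
            next
        }
        ($NF in rmode) { cmode[$NF] = $1; cown[$NF] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = path[i]; why = ""; shown = "-"
                if (!(p in cmode)) {
                    why = "not in current listing"
                } else {
                    was = special(rmode[p]); now = special(cmode[p]); shown = cmode[p]
                    if (was ~ /u/ && now !~ /u/) why = add(why, "lost setuid")
                    if (was ~ /g/ && now !~ /g/) why = add(why, "lost setgid")
                    if (rown[p] != cown[p]) why = add(why, "owner " rown[p] " -> " cown[p])
                }
                if (why != "") { printf "%s: %s (%s -> %s)\n", p, why, rmode[p], shown; bad = 1 }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# demo: run the comparison on the two sample listings.
demo() {
    d=$(mktemp -d) || return 2
    sample_reference > "$d/ref"
    sample_new_build > "$d/new"
    lost_special_bits "$d/ref" "$d/new" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

On real systems, save the output of list_special (run as root) on the known-good install as the reference, and pass an `ls -l` of the same paths from the new build as the second argument.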
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, Jun 17, 2020 at 09:51:34AM -0600, Flareon Zulu wrote:
> On Wed, Jun 17, 2020, 09:04 Ken Moffat wrote:
>
> > On Wed, Jun 17, 2020 at 09:26:19AM -0500, Bruce Dubbs wrote:
> > > On 6/17/20 9:19 AM, Ken Moffat wrote:
> > > > I've now completed, and booted, a build of the new-style LFS. I'm
> > > > logged in (and using ssh to write this post). Both my normal
> > > > users (ken, lfs), as well as root can login - so the passwords are
> > > > correct.
> > > >
> > > > But only root can su, so I'm not going to be able to build anything
> > > > after I've built X and run 'startx'.
> > > >
> > > > If I try to su, either to root or to another user, I get:
> > > >
> > > > ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> > > > Password:
> > > > su: Authentication failure
> > > > [...]
> > > >
> > > > At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
> > > >
> > > > Looking at shadow, I've made two changes since my last successful
> > > > build:
> > > >
> > > > First, I applied the change to make the first user 1000 (until now I
> > > > had omitted that)
> > > >
> > > > sed -i 's/1000/999/' etc/useradd
> > > >
> > > > Second, I changed the sed to force SHA512 to match the book (just
> > > > reformatting) and git shows the following for my change:
> > > >
> > > > -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > > > - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> > > > +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > > > +-e 's@/var/spool/mail@/var/mail@' \
> > > > +-i etc/login.defs 2>$KM_LOG
> > > >
> > > > I'm at a loss to know where I should be looking. Any suggestions,
> > > > please ?
> > >
> > > I'm still a little behind you. I have not built PAM yet, but have you
> > > rebuilt shadow after PAM?
> > >
> > > -- Bruce
> > >
> > Hi Bruce, I have not installed PAM at this point.
> >
> > ĸen
>
> So, can you humor me, and add the pound sign in front of the new encryption
> method? It's been missing for, I don't know, at least 2 years? So the new
> sed would be:
>
> sed -e 's@#ENCRYPT_METHOD DES@#ENCRYPT_METHOD SHA512@'
>
> Flareon Zulu
>

I don't think so - first, it works fine without the hash symbol (to
me a pound sign is '£') in 9.1. Second, if you look at
/etc/login.defs in view or vim you can see (from the syntax
highlighting, assuming you have that enabled) that '#' starts a
comment. So, you seem to be inviting me to turn off encryption.

Meanwhile, I tried to strace su - but even on 9.1 with the correct
password that ends up with Authentication failure.

ĸen
--
He died at the console, of hunger and thirst.
Next day he was buried, face-down, nine-edge first.
 - the perfect programmer
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, Jun 17, 2020 at 12:19:25PM -0400, Scott Andrews wrote:
> On Wed, 17 Jun 2020 15:19:14 +0100
> Ken Moffat wrote:
>
> > I've now completed, and booted, a build of the new-style LFS. I'm
> > logged in (and using ssh to write this post). Both my normal
> > users (ken, lfs), as well as root can login - so the passwords are
> > correct.
> >
> > But only root can su, so I'm not going to be able to build anything
> > after I've built X and run 'startx'.
> >
> > If I try to su, either to root or to another user, I get:
> >
> > ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> > Password:
> > su: Authentication failure
> >
> > And /var/log/auth.log shows
> >
> > Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> > Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> > Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:root
> > Jun 17 14:49:10 plexi su[14077]: Authentication failed for root
> > Jun 17 14:49:10 plexi su[14077]: FAILED su for root by lfs
> > Jun 17 14:49:10 plexi su[14077]: - /dev/tty2 lfs:root
> > [...]
> > Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> > Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> > Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> > Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> > Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> > Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> > Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> > Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
> >
> > At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
> >
> > Looking at shadow, I've made two changes since my last successful
> > build:
> >
> > First, I applied the change to make the first user 1000 (until now I
> > had omitted that)
> >
> > sed -i 's/1000/999/' etc/useradd
> >
> > Second, I changed the sed to force SHA512 to match the book (just
> > reformatting) and git shows the following for my change:
> >
> > -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> > +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > +-e 's@/var/spool/mail@/var/mail@' \
> > +-i etc/login.defs 2>$KM_LOG
> >
> > I'm at a loss to know where I should be looking. Any suggestions,
> > please ?
> >
> > ĸen
>
> Check these perms first
>
> sudo owned by root:root and has chmod +s
> libexec/sudo/sudoers.so owned by root:root
> chmod 440 /etc/sudoers
> chown 0:0 /etc/sudoers
> chown 0:0 /etc/sudoers.d
> chown 0:0 /etc/sudoers.d/lfs-no-passwd
> chmod 440 /etc/sudoers.d/lfs-no-passwd
>

The problem is with su, not sudo. On desktops I eventually install
sudo to allow me to do a few specific things (principally invoke
pm-suspend or pm-hibernate), but that comes much later.

ĸen
--
He died at the console, of hunger and thirst.
Next day he was buried, face-down, nine-edge first.
 - the perfect programmer
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, 17 Jun 2020 19:07:02 +0100
Ken Moffat wrote:

> On Wed, Jun 17, 2020 at 01:51:49PM -0400, Scott Andrews wrote:
> > On Wed, 17 Jun 2020 18:45:44 +0100
> > Ken Moffat wrote:
> >
> > > On Wed, Jun 17, 2020 at 12:19:25PM -0400, Scott Andrews wrote:
> > > > On Wed, 17 Jun 2020 15:19:14 +0100
> > > > Ken Moffat wrote:
> > > >
> >
> > Check the perms on the su files, owned by root and setuid
> >
>
> Thanks - that seems to be it.
>
> On my 9.1 system:
>
> ken@llamedos ~ $ls -l /bin/su /etc/login.*
> -rwsr-xr-x 1 root root 74360 Mar 5 22:10 /bin/su
> -rw-r--r-- 1 root root 2006 Mar 5 22:10 /etc/login.access
> -rw-r--r-- 1 root root 11993 Mar 5 22:10 /etc/login.defs
>
> but on the new build:
>
> -rwxr-xr-x 1 root root 61960 Jun 17 02:01 /bin/su
> -rw-r--r-- 1 root root 2006 Jun 16 23:34 /etc/login.access
> -rw-r--r-- 1 root root 11993 Jun 16 23:34 /etc/login.defs
>
> Note that on the new build the program was updated about 2 and a
> half hours after the other files - that was when I ran 'Stripping
> Again'.
>
> Trying 'chmod 4755 /bin/su' corrects those perms and now lets me su.
>
> I'll have a look to see if any other programs have lost +s.
>
> ĸen

I have run into that issue before and so far it has always been perms
or not owned by root.
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, Jun 17, 2020 at 09:26:19AM -0500, Bruce Dubbs wrote:
> On 6/17/20 9:19 AM, Ken Moffat wrote:
> > I've now completed, and booted, a build of the new-style LFS. I'm
> > logged in (and using ssh to write this post). Both my normal
> > users (ken, lfs), as well as root can login - so the passwords are
> > correct.
> >
> > But only root can su, so I'm not going to be able to build anything
> > after I've built X and run 'startx'.
> >
> > If I try to su, either to root or to another user, I get:
> >
> > ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> > Password:
> > su: Authentication failure
> >
> > And /var/log/auth.log shows
> >
> > Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> > Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> > Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:root
> > Jun 17 14:49:10 plexi su[14077]: Authentication failed for root
> > Jun 17 14:49:10 plexi su[14077]: FAILED su for root by lfs
> > Jun 17 14:49:10 plexi su[14077]: - /dev/tty2 lfs:root
> > [...]
> > Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> > Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> > Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> > Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> > Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> > Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> > Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> > Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
> >
> > At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
> >
> > Looking at shadow, I've made two changes since my last successful
> > build:
> >
> > First, I applied the change to make the first user 1000 (until now I
> > had omitted that)
> >
> > sed -i 's/1000/999/' etc/useradd
> >
> > Second, I changed the sed to force SHA512 to match the book (just
> > reformatting) and git shows the following for my change:
> >
> > -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> > +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > +-e 's@/var/spool/mail@/var/mail@' \
> > +-i etc/login.defs 2>$KM_LOG
> >
> > I'm at a loss to know where I should be looking. Any suggestions,
> > please ?
>
> I'm still a little behind you. I have not built PAM yet, but have you
> rebuilt shadow after PAM?
>
> -- Bruce
>

Hi Bruce, I have not installed PAM at this point.

ĸen
--
He died at the console, of hunger and thirst.
Next day he was buried, face-down, nine-edge first.
 - the perfect programmer
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, 17 Jun 2020 18:45:44 +0100
Ken Moffat wrote:

> On Wed, Jun 17, 2020 at 12:19:25PM -0400, Scott Andrews wrote:
> > On Wed, 17 Jun 2020 15:19:14 +0100
> > Ken Moffat wrote:
> >
> > > I've now completed, and booted, a build of the new-style LFS. I'm
> > > logged in (and using ssh to write this post). Both my normal
> > > users (ken, lfs), as well as root can login - so the passwords are
> > > correct.
> > >
> > > But only root can su, so I'm not going to be able to build
> > > anything after I've built X and run 'startx'.
> > >
> > > If I try to su, either to root or to another user, I get:
> > >
> > > ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> > > Password:
> > > su: Authentication failure
> > >
> > > And /var/log/auth.log shows
> > >
> > > Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> > > Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> > > Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:root
> > > Jun 17 14:49:10 plexi su[14077]: Authentication failed for root
> > > Jun 17 14:49:10 plexi su[14077]: FAILED su for root by lfs
> > > Jun 17 14:49:10 plexi su[14077]: - /dev/tty2 lfs:root
> > > [...]
> > > Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> > > Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> > > Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> > > Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> > > Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> > > Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> > > Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> > > Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
> > >
> > > At this point I don't have PAM installed. 'su' is from
> > > shadow-4.8.1.
> > >
> > > Looking at shadow, I've made two changes since my last successful
> > > build:
> > >
> > > First, I applied the change to make the first user 1000 (until
> > > now I had omitted that)
> > >
> > > sed -i 's/1000/999/' etc/useradd
> > >
> > > Second, I changed the sed to force SHA512 to match the book (just
> > > reformatting) and git shows the following for my change:
> > >
> > > -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > > - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> > > +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > > +-e 's@/var/spool/mail@/var/mail@' \
> > > +-i etc/login.defs 2>$KM_LOG
> > >
> > > I'm at a loss to know where I should be looking. Any suggestions,
> > > please ?
> > >
> > > ĸen
> >
> > Check these perms first
> >
> > sudo owned by root:root and has chmod +s
> > libexec/sudo/sudoers.so owned by root:root
> > chmod 440 /etc/sudoers
> > chown 0:0 /etc/sudoers
> > chown 0:0 /etc/sudoers.d
> > chown 0:0 /etc/sudoers.d/lfs-no-passwd
> > chmod 440 /etc/sudoers.d/lfs-no-passwd
> >
> The problem is with su, not sudo. On desktops I eventually install
> sudo to allow me to do a few specific things (principally invoke
> pm-suspend or pm-hibernate), but that comes much later.
>
> ĸen

Check the perms on the su files, owned by root and setuid
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, 17 Jun 2020 15:19:14 +0100
Ken Moffat wrote:

> I've now completed, and booted, a build of the new-style LFS. I'm
> logged in (and using ssh to write this post). Both my normal
> users (ken, lfs), as well as root can login - so the passwords are
> correct.
>
> But only root can su, so I'm not going to be able to build anything
> after I've built X and run 'startx'.
>
> If I try to su, either to root or to another user, I get:
>
> ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> Password:
> su: Authentication failure
>
> And /var/log/auth.log shows
>
> Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:root
> Jun 17 14:49:10 plexi su[14077]: Authentication failed for root
> Jun 17 14:49:10 plexi su[14077]: FAILED su for root by lfs
> Jun 17 14:49:10 plexi su[14077]: - /dev/tty2 lfs:root
> [...]
> Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
>
> At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
>
> Looking at shadow, I've made two changes since my last successful
> build:
>
> First, I applied the change to make the first user 1000 (until now I
> had omitted that)
>
> sed -i 's/1000/999/' etc/useradd
>
> Second, I changed the sed to force SHA512 to match the book (just
> reformatting) and git shows the following for my change:
>
> -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> +-e 's@/var/spool/mail@/var/mail@' \
> +-i etc/login.defs 2>$KM_LOG
>
> I'm at a loss to know where I should be looking. Any suggestions,
> please ?
>
> ĸen

Check these perms first

sudo owned by root:root and has chmod +s
libexec/sudo/sudoers.so owned by root:root
chmod 440 /etc/sudoers
chown 0:0 /etc/sudoers
chown 0:0 /etc/sudoers.d
chown 0:0 /etc/sudoers.d/lfs-no-passwd
chmod 440 /etc/sudoers.d/lfs-no-passwd
Re: [lfs-support] Users cannot su in svn-20200616
On Wed, Jun 17, 2020, 09:04 Ken Moffat wrote:

> On Wed, Jun 17, 2020 at 09:26:19AM -0500, Bruce Dubbs wrote:
> > On 6/17/20 9:19 AM, Ken Moffat wrote:
> > > I've now completed, and booted, a build of the new-style LFS. I'm
> > > logged in (and using ssh to write this post). Both my normal
> > > users (ken, lfs), as well as root can login - so the passwords are
> > > correct.
> > >
> > > But only root can su, so I'm not going to be able to build anything
> > > after I've built X and run 'startx'.
> > >
> > > If I try to su, either to root or to another user, I get:
> > >
> > > ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> > > Password:
> > > su: Authentication failure
> > >
> > > And /var/log/auth.log shows
> > >
> > > Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> > > Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> > > Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:root
> > > Jun 17 14:49:10 plexi su[14077]: Authentication failed for root
> > > Jun 17 14:49:10 plexi su[14077]: FAILED su for root by lfs
> > > Jun 17 14:49:10 plexi su[14077]: - /dev/tty2 lfs:root
> > > [...]
> > > Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> > > Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> > > Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> > > Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> > > Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> > > Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> > > Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> > > Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
> > >
> > > At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
> > >
> > > Looking at shadow, I've made two changes since my last successful
> > > build:
> > >
> > > First, I applied the change to make the first user 1000 (until now I
> > > had omitted that)
> > >
> > > sed -i 's/1000/999/' etc/useradd
> > >
> > > Second, I changed the sed to force SHA512 to match the book (just
> > > reformatting) and git shows the following for my change:
> > >
> > > -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > > - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> > > +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> > > +-e 's@/var/spool/mail@/var/mail@' \
> > > +-i etc/login.defs 2>$KM_LOG
> > >
> > > I'm at a loss to know where I should be looking. Any suggestions,
> > > please ?
> >
> > I'm still a little behind you. I have not built PAM yet, but have you
> > rebuilt shadow after PAM?
> >
> > -- Bruce
> >
> Hi Bruce, I have not installed PAM at this point.
>
> ĸen
> --
> He died at the console, of hunger and thirst.
> Next day he was buried, face-down, nine-edge first.
>  - the perfect programmer

So, can you humor me, and add the pound sign in front of the new encryption
method? It's been missing for, I don't know, at least 2 years? So the new
sed would be:

sed -e 's@#ENCRYPT_METHOD DES@#ENCRYPT_METHOD SHA512@'

Flareon Zulu
Re: [lfs-support] Users cannot su in svn-20200616
On 6/17/20 9:19 AM, Ken Moffat wrote:
> I've now completed, and booted, a build of the new-style LFS. I'm
> logged in (and using ssh to write this post). Both my normal
> users (ken, lfs), as well as root can login - so the passwords are
> correct.
>
> But only root can su, so I'm not going to be able to build anything
> after I've built X and run 'startx'.
>
> If I try to su, either to root or to another user, I get:
>
> ken@plexi /sources/scripts/lfs-dev/git$ su - lfs
> Password:
> su: Authentication failure
>
> And /var/log/auth.log shows
>
> Jun 17 14:48:04 plexi su[14069]: Authentication failed for root
> Jun 17 14:48:04 plexi su[14069]: FAILED su for root by ken
> Jun 17 14:48:04 plexi su[14069]: - /dev/tty2 ken:root
> Jun 17 14:49:10 plexi su[14077]: Authentication failed for root
> Jun 17 14:49:10 plexi su[14077]: FAILED su for root by lfs
> Jun 17 14:49:10 plexi su[14077]: - /dev/tty2 lfs:root
> [...]
> Jun 17 14:50:19 plexi su[14086]: Authentication failed for root
> Jun 17 14:50:19 plexi su[14086]: FAILED su for root by ken
> Jun 17 14:50:19 plexi su[14086]: - /dev/tty3 ken:root
> Jun 17 15:01:05 plexi su[14206]: Authentication failed for lfs
> Jun 17 15:01:05 plexi su[14206]: FAILED su for lfs by ken
> Jun 17 15:01:05 plexi su[14206]: - /dev/tty5 ken:lfs
> Jun 17 15:02:48 plexi su[14207]: Successful su for ken by root
> Jun 17 15:02:48 plexi su[14207]: + /dev/tty2 root:ken
>
> At this point I don't have PAM installed. 'su' is from shadow-4.8.1.
>
> Looking at shadow, I've made two changes since my last successful
> build:
>
> First, I applied the change to make the first user 1000 (until now I
> had omitted that)
>
> sed -i 's/1000/999/' etc/useradd
>
> Second, I changed the sed to force SHA512 to match the book (just
> reformatting) and git shows the following for my change:
>
> -sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> - -e 's@/var/spool/mail@/var/mail@' etc/login.defs 2>$KM_LOG
> +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
> +-e 's@/var/spool/mail@/var/mail@' \
> +-i etc/login.defs 2>$KM_LOG
>
> I'm at a loss to know where I should be looking. Any suggestions,
> please ?

I'm still a little behind you. I have not built PAM yet, but have you
rebuilt shadow after PAM?

-- Bruce
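Review bot: Nothing in the added lines checks that the first -e expression matched: sed exits 0 whether or not '#ENCRYPT_METHOD DES' is present in etc/login.defs, and '2>$KM_LOG' captures only stderr, so a substitution that changed nothing leaves no trace in the log. Following the sed with grep -q '^ENCRYPT_METHOD SHA512' etc/login.defs || exit 1 would make the build script fail when the setting is not in place. The redirection target is also unquoted; 2>"$KM_LOG" avoids an ambiguous redirect if the variable is empty or contains spaces.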