[plug] gentoo progress

Jim Householder nofixed at westnet.com.au
Wed Aug 17 19:21:47 WST 2005


Mark O'Shea wrote:
> On Wed, 2005-08-17 at 16:16 +0800, Jim Householder wrote:
> 
>>I'm now having a bit of trouble accessing root privileges.  I can login 
>>as root with no problems.
>>
>>su gets me:
>>$ su
>><same password again>
>>su: permission denied
>>Sorry.
>>$
>>
>>man su  sheds no light on this.
> 
> Hi Jim,
> 
> First thing I would check with that is that su is suid so the utility
> has the permission to change your uid.
> Try:
> ls -l /bin/su
> 
> If the result doesn't start:
> -rwsr-xr-x 

-rws--x--x

> then there is a problem.
> 

/etc/pam.d/su:
#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth       required     /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     /lib/security/pam_wheel.so use_uid

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_env.so
session    optional     /lib/security/pam_xauth.so


It looks like I'm going to have to bite the bullet and learn a bit about 
security.........

Jim
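
Added example, not part of the original post: a shell check for the two causes raised in this thread, a missing setuid bit on su and an active pam_wheel.so "required" line in /etc/pam.d/su. The function names, verdict strings and sample users (alice, bob) are made up for the example, and the demo files are constructed.

```shell
#!/bin/sh
# Added example: diagnose "su: permission denied" from the setuid bit on su
# and the pam_wheel line in the su PAM file.

# True if an uncommented auth line makes pam_wheel.so required in PAM file $1.
pam_wheel_required() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+[^#[:space:]]*pam_wheel\.so' "$1"
}

# True if user $1 appears in wheel's member list in group file $2.
# Assumption: membership through the user's primary GID is not checked here.
user_in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$2"
}

# Print one verdict. Arguments: user, su binary, PAM file, group file.
diagnose_su() {
    if [ ! -u "$2" ]; then
        echo "su-not-setuid"
    elif pam_wheel_required "$3" && ! user_in_wheel "$1" "$4"; then
        echo "not-in-wheel"
    else
        echo "ok"
    fi
}

# On a real system: diagnose_su "$(id -un)" /bin/su /etc/pam.d/su /etc/group
# Demo on constructed files (sample data, not taken from the poster's machine).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#auth       sufficient   /lib/security/pam_wheel.so use_uid trust' \
        'auth       required     /lib/security/pam_wheel.so use_uid' > "$d/su.pam"
    printf '%s\n' 'root:x:0:root' 'wheel:x:10:root,alice' > "$d/group"
    : > "$d/su"
    chmod 4711 "$d/su"    # same mode as the -rws--x--x shown in the post
    for u in alice bob; do
        echo "$u: $(diagnose_su "$u" "$d/su" "$d/su.pam" "$d/group")"
    done
    rm -rf "$d"
}
demo
```

A "not-in-wheel" verdict corresponds to the uncommented pam_wheel.so line in the file above: with it active, su refuses users outside the wheel group even when the root password is correct.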


