PDA

View Full Version : su Fails with permission denied, no changes



jawst81
20th April 2006, 03:53 PM
All of the sudden, my FC5 box fails when su'ing to root. I get the following message when I type the command su - and put in the password:

su: /bin/bash: Permission denied.

If I watch the /var/log/secure log file while doing it, it shows session opened for user root immediately followed by session closed.

I have tried setting root up to use other shells, same response, only with the appropriate shell in the message.

Also, in X, programs that require root access (ie. changing date and time) fail with an incorrect password error when I type in root password.

The box is set up with winbind and samba to log on using a W2K domain controller. Other than that, no changes have been made to anything on the machine. All worked fine until the other day.

Only updates have been applied to the box. Any suggestions as to what might have caused this issue, or how to fix it?

tashirosgt
20th April 2006, 04:25 PM
This article traced a similar problem for non-root users to permissions on a library file:
http://linuxgazette.net/issue52/okopnik.html

jawst81
21st April 2006, 12:53 PM
Well, I had found that article before posting, but after reading it didn't seem like the same problem.

At this point, I can log into the box as any user. I can su to any user from root successfully. It's when I'm logged in as a standard user, not root, and then try to su to root which fails. So it doesn't seem to be a permissions issue, because I would think that would break logging in from any situation, not just su'ing.

It almost seems like an issue with the su command itself not having permissions to execute something correctly. However, su is owned by root and has the appropriate permissions on it.

The only thing I have thought it might be is a problem with SELinux, but I can't believe if it was that, that I'd be the only person having problems. And since I'm not exactly familiar with SELinux (other than the fact that if you do something incorrectly, it can cause problems), so I don't want to mess around with it too much.

tashirosgt
21st April 2006, 03:36 PM
Perhaps you can turn off SElinux temporarily by adding an option to the boot line of grub. Something like selinux=0. There was another post recently that mentioned this.

I can think of various ways to do su (or "su -"). You can do it in a gnome terminal, or in a console (CTRL-ALT-F2). You could login as root, su to another user and then su back to root. If the process fails everytime you are required to enter a password then I would suspect the investigative methods of that article would be useful , even if it is not the same problem.

jawst81
21st April 2006, 06:30 PM
Well, that process does fail if I log in as root, su to user, then try to su back to root. But I actually was a bit inaccurate when I said that in X anything that requires root access fails. There are things I can get into that require root access, for instance the Users and Groups utility. When I go into that, it prompts for the password, which I type in, and the process succeeds.

I'll take another look at that article. Perhaps I missed something in it.


Amend:

Well, I checked all the perms for everything in /lib and compared it to another box I have with FC5 installed on it. All perms and files are identical, so it's not a lib permissions error.