[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] was - SU from user other ... - now SU won't work

Subject: Re: [cobalt-users] was - SU from user other ... - now SU won't work
From: Greg Hewitt-Long <greg@xxxxxxxxxxxxxxxxxxx>
Date: Sun Feb 3 07:55:15 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

>Hi,
>
>I am truly sorry. I was trying to help, not to complicate your life...
>
>After modifiying your su file, you should modify your users so they belong
>to the group 'wheel' (which will be then allowed to su to root.) You can do
>this with this command:
>    usermod -G10 admin
>    (supposing that the wheel group's id is '10' and your user is 'admin')
>
>Probably that's why now you can not su to root: your user is not belonging
>to the wheel group.
>
>Did you try to directly login as root? Maybe this is still working and from
>there you can change your user groups.


OK - thanks - root login works, root and admin are in wheel, which is group 10 - /etc/pam.d/su is this:


#%PAM-1.0
auth       required     /lib/security/pam_wheel.so
auth       sufficient   /lib/security/pam_rootok.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow use_authtok nullok
session    required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_xauth.so


and when I login as admin, I can't su to root, and I can STILL login as root directly.

Here is my aim:

I want the RAQ3 to be back how it was before I ever installed "patches" or upgrades to the OS in terms of admin and root login/su ability, ie:

root can not login directly
admin can su to root - no-one else except other wheel group users can su to root

Any ideas how I can get the machine back to that stage?

tia

Greg



>
>Regards,
>Tomás
>
>
>> ok, I implemented the two lines suggested by Tomas and later by flash22, ie:
>>
>> auth sufficient /lib/security/pam_rootok.so debug
>> auth required /lib/security/pam_wheel.so group=wheel
>>
>>
>> into pam.d
>>
>> Thanks - thanks a lot!  Now SU don't work PERIOD!
>>
>> So I've now got a RAQ3 without the ability to SU to root.
>>
>> So I thought, no problem, I'll make a setuid bash on the raq4, tar it across
>> and execute it, reset my pam.d and I'm fine - only it don't work - the setuid
>> bit falls off and now I'm totally cranky...
>>
>> I'm leaving the machine alone for a while, and posting here, in the hope that
>> when I come back, I'll either have had another bright idea (like NOT listening
>> to you lot without building my backup FIRST, or thought of some other way to
>> make a SETUID shell) - or HOPEFULLY, someone can post a quick fix for me
>> too...
>>
>>
>> tia and good night....  grrrr..
>>
>>
>> Greg
>
>+--                                         --+
>       Tomás García Ferrari
>       Bigital
>       http://bigital.com/
>+--                                         --+
>
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users

-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158

References:
- Re: [cobalt-users] was - SU from user other ... - now SU won't work
  - From: Tomas Garcia Ferrari

Prev by Date: Re: [cobalt-users] Quick Mnogosearch Question
Next by Date: Re: [cobalt-users] Complete disaster
Previous by thread: Re: [cobalt-users] was - SU from user other ... - now SU won't work
Next by thread: Re: [cobalt-users] was - SU from user other ... - now SU won't work

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index