# trouble with su command in xterm [solved]

## dilandau

when i enter su in xterm and the password nothing happens until i press CTRL-C. it worked yesterday and teh password still works when loggin in as root from annother console. only the xterm refuses to work.

----------

## jkt

does it say anything into syslog? (/var/log/auth.log or /var/log/messages,...)

----------

## dilandau

interestingly i have neither of these two logfiles, though metalog is running.

in /valr/log/everything/current i found at last (when trying the su from xterm):

Dec  5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; REMOTEHOST

Dec  5 18:14:04 [PAM-env] Unknown PAM_ITEM: <XAUTHORITY>

Dec  5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; XAUTHORITY

Dec  5 18:14:04 [su(pam_unix)] session opened for user root by (uid=1000)

Dec  5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; REMOTEHOST

Dec  5 18:14:04 [PAM-env] Unknown PAM_ITEM: <XAUTHORITY>

Dec  5 18:14:04 [su] PAM pam_putenv: delete non-existent entry; XAUTHORITY

after this time the su works. so if i wait teh two minutes, it works.

(login as root from console still works in instant time)

----------

## jkt

yeah, exact locations depend on your setup.

so it has a delay of two minutes?

----------

## dilandau

i find these locations uncommon. is there an easy way to change them to a more "standard" (if such exists)?

yeah, su takes some time. i can switch console sometimes and display a long textfile on annother console until the prompt in the xterm is ready. it probably has to do domething with pam and xauthority. i never underdtood what that means.

----------

## jkt

 *dilandau wrote:*   

> i find these locations uncommon. is there an easy way to change them to a more "standard" (if such exists)?
> 
> 

 

I'm using syslog-ng personally, but I'm sure metalog has some way of filtering/moving different facilities/importance into several files. consult it's docs  :Smile: 

 *Quote:*   

> 
> 
> yeah, su takes some time. i can switch console sometimes and display a long textfile on annother console until the prompt in the xterm is ready. it probably has to do domething with pam and xauthority. i never underdtood what that means.

 

you can start with comparing /etc/pam.d/su with /etc/pam.d/login (maybe something else) and trying to temporarily comment-out the differences in su to see what feature is causing troubles.

----------

## dilandau

these two lines caused the problems:

#session    required     /lib/security/pam_env.so

#session    optional    /lib/security/pam_xauth.so

the first one took the most time, teh second only a notably one second.

how can i know what they are for and that my system still works as expectedwith those two lines removed? as i said, the su command worked right yesterday and i didnt change on the system. something else must be the reason.

----------

## jkt

 *dilandau wrote:*   

> these two lines caused the problems:
> 
> #session    required     /lib/security/pam_env.so
> 
> 

 

have a look at /etc/security/pam_env.conf

 *Quote:*   

> 
> 
> #session    optional    /lib/security/pam_xauth.so
> 
> 

 

this should be ok. uncomment it.

----------

## dilandau

not ok. the second line really makes the longest wait. you say it shouldnt...

----------

## jkt

 *dilandau wrote:*   

> not ok. the second line really makes the longest wait. you say it shouldnt...

 

 *Quote:*   

> the first one took the most time, teh second only a notably one second.

 

I'm confused...

----------

## dilandau

i commented out two lines. both produce errors. teh first one produces a delay of two seconds, the second one produces a delay of ~30 seconds. the conf file looks ok. i added two times a seemingly missing "" after an = though that didnt change anything. maybe the "" were not needed at all to indicate an empty string. its just annoterh configuration script that sets some variables. expecially the xauthority variable and the display variable are the ones that appeared in the logfile. could there be something with the devices not right? i have no idea.

----------

## jkt

 *dilandau wrote:*   

> i commented out two lines. both produce errors. teh first one produces a delay of two seconds, the second one produces a delay of ~30 seconds.

 

so pam_env delays for about 2 secs and pam_xauth for half a minute?

 *Quote:*   

> the conf file looks ok. i added two times a seemingly missing "" after an = though that didnt change anything. maybe the "" were not needed at all to indicate an empty string. its just annoterh configuration script that sets some variables. expecially the xauthority variable and the display variable are the ones that appeared in the logfile. could there be something with the devices not right? i have no idea.

 

what "" are you talking about?

----------

## dilandau

you mentioned /etc/security/pam_env.conf

there was 

REMOTEHOST      DEFAULT= OVERRIDE=@{PAM_RHOST}              

#                                                                              

# Set the DISPLAY variable if it seems reasonable                              

DISPLAY         DEFAULT="" OVERRIDE=${DISPLAY}                            

#                                                                              

# Set the XAUTHORITY variable if pam_xauth is used                           

XAUTHORITY      DEFAULT= OVERRIDE=@{XAUTHORITY}

and i changed it to

REMOTEHOST      DEFAULT="" OVERRIDE=@{PAM_RHOST}              

#                                                                              

# Set the DISPLAY variable if it seems reasonable                              

DISPLAY         DEFAULT="" OVERRIDE=${DISPLAY}                            

#                                                                              

# Set the XAUTHORITY variable if pam_xauth is used                           

XAUTHORITY      DEFAULT="" OVERRIDE=@{XAUTHORITY}

the problem is still there.

----------

## jkt

my is (after separation fo some comments):

```

# First, some special variables

#

# Set the REMOTEHOST variable for any hosts that are remote, default

# to "localhost" rather than not being set at all

# Note: Rather set default to "", as DISPLAY=localhost:0.0 do not work

#       here at least.

REMOTEHOST      DEFAULT= OVERRIDE=@{PAM_RHOST}

#

# Set the DISPLAY variable if it seems reasonable

DISPLAY         DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}

#

# Set the XAUTHORITY variable if pam_xauth is used

XAUTHORITY      DEFAULT= OVERRIDE=@{XAUTHORITY}

```

----------

## dilandau

i took your line. problem still present.

----------

## jkt

weird  :Sad: . `set`?

----------

## dilandau

solution:

some autologin hack (?) made the homedir of the user belonging to root. chown <username> /home/<username> repaired everything.

----------

