# You are not authorized to su root

## Parksy

I'm trying to finish up a new gentoo installation on my laptop.  I'm using nptl and reiser4.  I did the same thing with my desktop last week and it works fine. 

Here's my problem:

```
darcy@darthink ~ $ su -

You are not authorized to su root
```

I'm pretty sure the groups are ok.

```
darcy@darthink ~ $ groups

wheel audio users

darcy@darthink ~ $ grep -i wheel /etc/group

wheel::10:root,darcy
```

I've tried other things from the FAQ.

```
darthink ~ # ls -l /bin/su

-rwsr-xr-x  1 root root 33504 Dec 28 02:11 /bin/su
```

That seems fine.

And so I log out and back in (just to be sure), and the problem persists.

The only weird thing is the error message:

```
You are not authorized to su root
```

I've read a bunch of threads about this problem, but I've never seen that exact error message.  For that reason I'm guessing it's some new package that's screwing things up (or missing?).  I've tried re-emerging pam and shadow, but to no avail.  I've also created new users, but they all have the same problem.

----------

## papal_authority

Dunno if this is a problem, but I've always used an "x" in the 2nd field:

```
wheel:x:10:root,darcy
```

Maybe try that and then logout and in again...

----------

## Parksy

 *papal_authority wrote:*   

> Dunno if this is a problem, but I've always used an "x" in the 2nd field:
> 
> ```
> wheel:x:10:root,darcy
> ```
> ...

 

Tried it, but no success.  My other box is like mine was, and it works fine.  Thanks for the idea though.

----------

## Trevoke

Try just "su" ?

Shouldn't make a difference... But who knows.

----------

## nickeh

Do a 

```

groups darcy

```

instead to check if the user is in wheel group

----------

## Parksy

su does the same thing, and

```
darthink ~ # groups darcy

wheel audio users
```

----------

## pjp

How is /etc/pam.d/su configured?

----------

## r3pek

if you don't have pam installed, you can't su "normally".

you have to do: 

```
chown root:wheel /bin/su

chmod 4750 /bin/su
```

and comment out SU_WHEEL_ONLY in /etc/login.defs

----------

## Parksy

 *pjp wrote:*   

> How is /etc/pam.d/su configured?

 

That file didn't exist.  I copied it from my working system, but nothing changed.

 *r3pek wrote:*   

> if you don't have pam installed, you can't su "normally".
> 
> you have to do: 
> 
> ```
> ...

 

```
emerge pam -s

<snip>

*  sys-libs/pam

      Latest version available: 0.77-r4

      Latest version installed: 0.77-r4

      Size of downloaded files: 3,552 kB

      Homepage:    http://www.kernel.org/pub/linux/libs/pam/

      Description: Pluggable Authentication Modules

      License:     PAM

<snip>
```

Is there anything else to install?

I tried changing the permissions on /bin/su and commenting out that line.  I now get a password prompt, but even when I type the right password (I'm sure of it) I just get

```
darcy@darthink ~ $ su -

Password:

Sorry.
```

----------

## Parksy

I've left this post alone for a while because I've moved and started a new job.  My laptop is sitting on the backburner, but this problem has now cropped up on my main desktop.  It really came out of nowhere.  I had shut down my computer to take out a network card, and suddenly this happened again.

I didn't do much before I shut down the pc.  I had done sync'ed and checked new updates (emerge -uDpv) but I didn't actually go through with any of the updates.

----------

## Parksy

I've figured out my problem.  I had set

```
-*
```

in my use flags, and that disabled pam support from shadow.  I removed that flag, then re-emerged shadow and pam. (Not sure if pam needed to be re-emerged, but it didn't seem to hurt).

----------

