# can't su or sux

## XenoTerraCide

ok subject isn't entirely true... I can su or sux if I run it as sudo... but if I run it as my user it always fails on password authentication. I know the password is correct.... 1 I can't have mistyped that many times and 2 I changed it  after a few times to make sure that wasn't the problem. I checked to make sure my user is part of group wheel and he is... does something else need to be set? has a use flag on pam or shadow or something changed in the new release that would affect this? I also can use this password to logon directly to root.

----------

## ChrisWhite

what's the output of groups then?

----------

## XenoTerraCide

groups

```
wheel audio cdrom cdrw users portage xenoterracide plugdev torrent
```

----------

## ChrisWhite

ok.. what's the output of `emerge -pv shadow pam-login`?

----------

## XenoTerraCide

```
[blocks B     ] >=sys-apps/shadow-4.0.14-r2 (is blocking sys-apps/pam-login-4.0.14)

[ebuild   R   ] sys-apps/shadow-4.0.15-r2  USE="nls pam -nousuid (-selinux) -skey" 0 kB

[ebuild  N    ] sys-apps/pam-login-4.0.14  USE="nls -livecd (-selinux) -skey" 1,217 kB

```

----------

## ChrisWhite

Besides doing an etc-update and seeing if it's a missed config file I've got nothing :/

----------

## <3

post your /etc/sudoers file. maybe that will lead to something

----------

## XenoTerraCide

not sure what it will accomplish... other than the fact that I don't require a password to use sudo   :Wink:  it shouldn't affect su or sux at all. 

```
# sudoers file.

#

# This file MUST be edited with the 'visudo' command as root.

#

# See the sudoers man page for the details on how to write a sudoers file.

#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Reset environment by default

Defaults        env_reset

# Uncomment to allow users in group wheel to export variables

# Defaults:%wheel       !env_reset

# Allow users in group users to export specific variables

# Defaults:%users       env_keep=TZ

# Allow specific user to bypass env_delete for TERMCAP

# Defaults:user     env_delete-=TERMCAP

# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL.

Defaults        editor=/usr/bin/vim, !env_editor

# Runas alias specification

# *** REMEMBER ***************************************************

# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED *

# * COMMANDS WITH ELEVATED PRIVILEGES.                           *

# *                                                              *

# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO.                 *

# ****************************************************************

# User privilege specification

root    ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands

# %wheel        ALL=(ALL)       ALL

# Same thing without a password

%wheel  ALL=(ALL)       NOPASSWD: ALL

# Users in group www are allowed to  edit httpd.conf and ftpd.conf

# using sudoedit, or sudo -e, without a password.

# %www          ALL=(ALL)       NOPASSWD: sudoedit /etc/httpd.conf, /etc/ftpd.conf

# Samples

# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom

# %users  localhost=/sbin/shutdown -h now

```

 oh and the etc-update updated nothing relevant. (just portmap)

----------

## XenoTerraCide

what is it about wheel that allows members to su to root? does su have a configuration file somewhere?

----------

## <3

oh I think I may have misread your original question, your problem isn't with sudo it's with trying to su as root am I correct?

----------

## XenoTerraCide

su (or sux ) as a user to root.

----------

## XenoTerraCide

I had the interesting idea to run su in gdb...

```
(gdb) run

Starting program:

No executable file specified.

Use the "file" or "exec-file" command.

(gdb) exec-file /bin/su

/bin/su: Permission denied.

```

hmm... don't know if I did it right but weird... also I did run gdb su to start it. and starting it as root works perfectly.

----------

## ChrisWhite

do an ls -la  on it to see what's up.

----------

## XenoTerraCide

```
-rwx--x--x 1 root root 26700 Sep 11 17:11 /bin/su

-rwxr-xr-x 1 root root 9444 Sep  8 23:14 /usr/bin/sux

```

----------

## XenoTerraCide

am being told that su is supposed to be suid. is that correct? if so. I did not mess with the permissions... portage set them. is the nousuid flag supposed to be on? that doesn't seem right...

----------

## desultory

 *XenoTerraCide wrote:*   

> am being told that su is supposed to be suid. is that correct?

 

It is.

 *XenoTerraCide wrote:*   

> if so. I did not mess with the permissions... portage set them. is the nousuid flag supposed to be on? that doesn't seem right...

 

Do you mean the nousuid USE flag for sys-apps/shadow? If so, having that set the suid bit should be set on /bin/su exclusively among the programs installed as part of sys-apps/shadow.

----------

