# su to root configuration error - unknown item

## sinisterdomestik

not sure if this is the right forum, but everytime i try and su, i get this, although it lets me change to root, not sure why, or what, this is/means

```
sinister@BlackBeauty:~ su -

Password: 

configuration error - unknown item 'FAILLOG_ENAB' (notify administrator)

configuration error - unknown item 'LASTLOG_ENAB' (notify administrator)

configuration error - unknown item 'MOTD_FILE' (notify administrator)

configuration error - unknown item 'FTMP_FILE' (notify administrator)

configuration error - unknown item 'ENV_PATH' (notify administrator)

configuration error - unknown item 'ENV_ROOTPATH' (notify administrator)

configuration error - unknown item 'ENV_SUPATH' (notify administrator)

configuration error - unknown item 'PASS_MIN_LEN' (notify administrator)

configuration error - unknown item 'CHFN_AUTH' (notify administrator)

root@BlackBeauty:~ 
```

anyone know what these mean??

Mod Edit: Made sticky and changed the title from "su to root error" - tomk

Unstuck. -- desultory

----------

## v3rtigo

Did you do etc-update after your last emerge?

I remember i had same problem few days ago when tried to login as root it solved after etc-update.

----------

## sinisterdomestik

ahhhhh, easy fix  :Smile:  thanks

----------

## zietbukuel

I cant fix it i get these message:

configuration error - unknown item 'PASS_MIN_LEN' (notify administrator)

BUT i have this in my /etc/login.defs

PASS_MIN_LEN 5

I already reinstalled pam-login, replaced the config files with the new ones, etc... any help?

----------

## Blue Fox

Well, up, this is happening to me today(ziet's problem, not the first one)   :Crying or Very sad: 

----------

## Blue Fox

I've figured this one out: In /etc/login.defs there is a line 

```

PASS_MIN_LEN 5 
```

 at the end of the file, commented it out and error is gone.  :Smile: 

----------

## grad_guy

I did this.

```
etc-update
```

and

```
env-update && source /etc/profile
```

But it doesn't help at all.

login.defs said those parameters are all optional, some said it'OK to just comment them out.

Is that the right way to fix this?

If someone could confirm me on this, it'd be nice.

##EDIT##

re-emerge pam-login and etc-update didn't help either

----------

## csab

Just the stupid question to you, who could not solve this problem: when you run etc-update, you do let it to update your configuration files, right?

----------

## telengard

 *v3rtigo wrote:*   

> Did you do etc-update after your last emerge?
> 
> I remember i had same problem few days ago when tried to login as root it solved after etc-update.

 

I got this error also, but after building I could have sworn there was no message to update configs via etc-update.  pam was one of the packages that was upgraded.  That did fix the issue for me though, thanks for the help.

~telengard

----------

## grad_guy

 *csab wrote:*   

> Just the stupid question to you, who could not solve this problem: when you run etc-update, you do let it to update your configuration files, right?

 

Sorry for being a noob.

I know I am.

etc-update DOES help fix this if you let it update the config files.

Thanks

##EDIT##

What I actually did are the following(incase some need to know);

etc-update then let it auto-merge (-5)

Then I go after the files I think I change something in there, e.g. /etc/conf.d/local.start , /etc/conf.d/hostname , /etc/conf.d/domainname, /etc/rc.conf ...

And fix them.

I believe the topic deserves a little update, "[SOLVED]".  :Very Happy: 

----------

## t35t0r

The solution to this problem is emerge pam-login and then run dispatch-conf or etc-update and let it update the files, esp login.defs

----------

## StarDragon

Cool, that works... I love you guys!   :Cool: 

----------

## joe82

 *t35t0r wrote:*   

> The solution to this problem is emerge pam-login and then run dispatch-conf or etc-update and let it update the files, esp login.defs

 

Didn't work for me. After emerging pam-login no configuration files should be updatet. etc-update and dispatch-conf don't do anything. Someone may post his /etc/login.defs to check which lines can be removed or uncommented.

Thx

----------

## Pizentios

i just commented out the lines in login.defs that were causing the errors, seems to work fin for me.

----------

## Gherkin

I encountered this error whilst su'ing during an emerge -uD world.  After the emerge was finished I ran etc-update, compared the changes to files I had modified and automerged  the rest.  Problem solved.

----------

## asterix404

You know though, this is a funny funny thing... EVN_ROOTPATH for me is being bitchy. I made a horrid mistake (when will i learn) and deleated the old configs, the things that are like... .__cfg???? whatever. The funny bit from this is this:

ENV_ROOTPATH            /sbin:/bin:/usr/sbin:/usr/bin

ENV_SUPATH              /sbin:/bin:/usr/sbin:/usr/bin

my rootpath defaults to my user path when I log on as root, when I su this actuilly does work. It made my comptuer better! This to me means that they changed a lot of init vars in the last update and didn't bother to make the /etc/login.def backwards compatable thinking that all you would have to do is etc-update. IE I really think that even if you have these errors it's not going to do anything harmful, can someone back me up here though? I can't really see any security holes anywhere from the vars that are here, but this just seems to beg the question... 

Where does root get it's path from? The only thing I could come up with was that the dev's made it just like the users where you have your .bashrc and this defines everything for your env login. If I run into some problems I'll start posting but for now, without a valid actual file, I am not seeing any issues. I could of course be horrably wrong though. ~Ben

----------

## sebastianfietzek

hi!

i had the same problem and i guess i found a working solution, but it is not the best way to fix the problem so if there are other ways try these...

first you have to backup /etc/login.defs and the complete folder /etc/pam.d/ then you do "emerge --unmerge pam pam-login". after that you delete these files and folders (/etc/login.defs and /etc/pam.d/) completely and re-emerge pam and pam-login. (emerge pam pam-login). the last step is to copy the backed-up files back into the /etc-folder and do NOT overwrite the "newly" emerged files.

it worked for me, but like i said: if you can fix it in another way you should do it!

----------

## ptaylor

this one scared me, but the etc-update worked  :Smile: 

```
etc-update

env-update && source /etc/profile

```

yay!

----------

## pacho2

It's a gnome-system-tools bug. If you try to create a new user account using this app, login will fail

----------

## ajmacca

I just wanted to confirm that sebastianfietzek's method worked for me also.  It's only been a day, and I haven't restarted yet, but after running 

```
env-update && source /etc/profile
```

 everything is working fine.  If I encounter any other problems, I'll post them back here.  And before anybody asks, for some reason that escapes me now, I mustn't have let etc-update write a new login.defs file, which is why etc-update doesn't help me.

----------

## pacho2

If you run "users-admin" (from gnome-system-tools), you will suffer the problem again

----------

## avieth

I've got my own solution. What I had done was updated world, then since I don't trust etc-update at all (it f**ked me over before) I didn't let it update anything. So I moved /etc/login.defs to /etc/login.defs.old and remerged pam-login. It worked.

----------

## senthilkumar00

I had the same problem. I actually emerge pam-login and did etc-update with option -3. It worked for me

----------

## ed_f

So the problem seems to be that some oprions are present in /etc/login.defs that the system does not recognize while loging in (or su-ing).

The only problem I had was the line "PASS_MIN_LEN 5".

I looked at the man page for login.defs and could not find any definition for PASS_MIN_LEN, however I found a man page on the internet which describes it as a password restriction option used by passwd (the man page : http://www.cs.vassar.edu/cgi-bin/man2html?login.defs+5). Could this be a deprecated option or distro-specific option or something like that?

I simply removed the line. The I tried to set the password to a very short one, and I still got a warning about the password beein to short.

Then I tried messing about with the user profiles with the gnome-system-tools and quite correctly the line "PASS_MIN_LEN 5" reappeared in /etc/login.defs/

----------

## MilkSjeik

 *avieth wrote:*   

> I've got my own solution. What I had done was updated world, then since I don't trust etc-update at all (it f**ked me over before) I didn't let it update anything. So I moved /etc/login.defs to /etc/login.defs.old and remerged pam-login. It worked.

 

Same thing for me. I've also learned to not use Gnome windows when creating another user  :Wink: 

----------

## pacho2

This gnome app is going to be updated with Gnome 2.14

----------

## mlangc

there's a bug about this:

https://bugs.gentoo.org/show_bug.cgi?id=131097

----------

## mrpete

I've just done an emerge -uD world and now whenever I do an su - I get the following:-

```
peter@xc-cube ~ $ su - root

Password:

configuration error - unknown item 'GETPASS_ASTERISKS' (notify administrator)

```

Anyone know what's happenning and what the solution is please?

----------

## mrpete

Just seen the following in /etc/login.defs and commented the GETPASS_ASTERISKS out. Seems to have fixed the problem.

```
# When prompting for password without echo, getpass() can optionally

# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'

# characters for each character typed.  This feature is designed to

# confuse people looking over your shoulder when you enter a password :-).

# Also, the new getpass() accepts both Backspace (8) and Delete (127)

# keys to delete previous character (to cope with different terminal

# types), Control-U to delete all characters, and beeps when there are

# no more characters to delete, or too many characters entered.

#

# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -

# exactly one '*' displayed for each character typed.

#

# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,

# Delete, Control-U and beep continue to work as described above).

#

# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()

# without any new features.  This is the default.

#

#GETPASS_ASTERISKS 0
```

----------

## fridrik

see bug https://bugs.gentoo.org/show_bug.cgi?id=135987

----------

## mrpete

Thanks - this is indeed the same bug and the above is the correct solution:)

----------

## tomk

Merged from here.

----------

## a16b03

Hi, after 

emerge --update system --deep

using

ACCEPT_KEYWORDS="~x86"

when I type login end press enter i see:

configuration error -unknown item 'GETPASS_ASTERISKS' ...

Everything seems to work ok. What is this.

but last time i emerged last KDE i used nls flag and linguas "lv en ru'

When I started kde i couldn't see any character ok buttons, menu and some text boxes.

I wonder what could go wrong. Could it be conected somehow?

Thanks

----------

## a16b03

forgot to mention i use shadow 4.0.16 i gues

----------

## nixnut

Moved from Installing Gentoo to Other Things Gentoo.

Not about getting gentoo installed, so moved here.

----------

## sternklang

There is an open bug against shadow 4.0.16 about this error. It doesn't seem to cause problems, and it doesn't seem to be at all related to your nls/linguas problem.

----------

## adr

I get the same message (~amd64) also with no apparent affects.

----------

## tagwar

In /etc/login.defs:

```

# When prompting for password without echo, getpass() can optionally

# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'

# characters for each character typed.  This feature is designed to

# confuse people looking over your shoulder when you enter a password :-).

# Also, the new getpass() accepts both Backspace (8) and Delete (127)

# keys to delete previous character (to cope with different terminal

# types), Control-U to delete all characters, and beeps when there are

# no more characters to delete, or too many characters entered.

#

# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -

# exactly one '*' displayed for each character typed.

#

# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,

# Delete, Control-U and beep continue to work as described above).

#

# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()

# without any new features.  This is the default.

#

GETPASS_ASTERISKS 0

```

Commenting out that last line solved it for me...

----------

## tomk

Merged from here.

----------

## cfgauss

 *t35t0r wrote:*   

> The solution to this problem is emerge pam-login and then run dispatch-conf or etc-update and let it update the files, esp login.defs

 

I don't have pam-login and when I tried to emerge it I saw that shadow was blocking it. I thought about unmerging and re-emerging shadow but when I tried to unmerge it I got a serious warning that I was unmerging an important system package. So I killed the unmerge.

I then commented out the offensive line in /etc/login.defs and all is well.

----------

## chashab

it is possible to run a pamless system, i've done this to all my boxes for several years now.

after moving to pamless, you make get a few variable errors (as described by multiple parent posts) at login, commenting these vars out in /etc/login.defs will resolve this.

----------

## mr_english

Dopo aver fatto l'unmerge di pam-login e fatto l'emerge di shadow, se si dovessero riscontrare problemi al login con messaggi tipo

```
configuration error - unknow item <NOME_VARIABILE>...
```

basta editare il file /etc/login.defs e commentare le righe che contengono le chiavi <NOME_VARIABILE>.

Per una lista degli item accettati da shadow, basta dare un'occhiata alla pagina del manuale di login.def digitando

```
man login.defs
```

 :Laughing: 

----------

## ribx

mr_english: you probably used the wrong language?!  :Smile: 

ok, i had this problem:

```
robin@Gamly ~ $ su -

configuration error - unknown item 'FAILLOG_ENAB' (notify administrator)

configuration error - unknown item 'LASTLOG_ENAB' (notify administrator)

configuration error - unknown item 'MAIL_CHECK_ENAB' (notify administrator)

configuration error - unknown item 'OBSCURE_CHECKS_ENAB' (notify administrator)

configuration error - unknown item 'PORTTIME_CHECKS_ENAB' (notify administrator)

configuration error - unknown item 'QUOTAS_ENAB' (notify administrator)

configuration error - unknown item 'MOTD_FILE' (notify administrator)

configuration error - unknown item 'FTMP_FILE' (notify administrator)

configuration error - unknown item 'NOLOGINS_FILE' (notify administrator)

configuration error - unknown item 'ENV_HZ' (notify administrator)

configuration error - unknown item 'PASS_MIN_LEN' (notify administrator)

configuration error - unknown item 'SU_WHEEL_ONLY' (notify administrator)

configuration error - unknown item 'CRACKLIB_DICTPATH' (notify administrator)

configuration error - unknown item 'PASS_CHANGE_TRIES' (notify administrator)

configuration error - unknown item 'PASS_ALWAYS_WARN' (notify administrator)

configuration error - unknown item 'CHFN_AUTH' (notify administrator)

configuration error - unknown item 'ENVIRON_FILE' (notify administrator)

```

but i could login as root. i have to say, that i have a fresh install and i USE="-pam". i tried to reemerge shadow and checked dispatch-conf. no updates/changes.

then i saw this:

```

robin@Gamly ~ $ which su

/usr/bin/su

robin@Gamly ~ $ qfile /usr/bin/su

robin@Gamly ~ $

```

is it a link?

```

robin@Gamly ~ $ ls -l /usr/bin/su

-rws--x--x 1 root root 42028 Sep  8 15:02 /usr/bin/su

```

no, it isnt. 

```

robin@Gamly ~ $ qfile su

sys-apps/shadow (/bin/su)

```

aha! its the su binary!?! i dont know where it comes from, maybe a stage3 problem, but its shouldnt be there.

```

Gamly ~ # rm -f /usr/bin/su

robin@Gamly ~ $ source /etc/profile

robin@Gamly ~ $ which su

/bin/su

robin@Gamly ~ $ su

Password:

Gamly ~ #

```

done.

----------

## strangetales

etc-update did not work

when re emerging pam-login revieved this message

emerge -uDp pam-login

These are the packages that would be merged, in order:

Calculating dependencies... done!

[blocks B     ] sys-apps/pam-login (is blocking sys-apps/shadow-4.0.15-r2)

[blocks B     ] >=sys-apps/shadow-4.0.14-r2 (is blocking sys-apps/pam-login-4.0.14)

[ebuild  N    ] sys-apps/pam-login-4.0.14  USE="nls -livecd (-selinux) -skey"

----------

## pacho2

Please, upgrate your system:

emerge --sync

emerge -avuDN world

If you get this blocker:

emerge -C pam-login

emerge shadow

emerge -avuDN world

Good luck!

----------

## geo7780

Hi

I have update Gnome-2.16 and I have add a new user. Since this I have a error when I run the command su :

unknow item PASS_MIN_LEN

Do you have a idea to solve this problem ?

Thanks

----------

## VValdo

I just got this out of the blue as well.

W

----------

## truekaiser

ditto here.. but it doesn't seem to effect anything.

----------

## Icer

 *geo7780 wrote:*   

> Hi
> 
> I have update Gnome-2.16 and I have add a new user. Since this I have a error when I run the command su :
> 
> unknow item PASS_MIN_LEN
> ...

 

I just fixed this one on my rig. I read several posts here on the forum. Some tell you run etc-update... some just to re-emerge pam-login. I thought ok and did so but it didn't help. What is pam-login anyway? Emerge didn't find it. Also I tried comment out the PASS_MIN_LEN 5 in the /etc/login.defs but it doesn't help either. Ok... enough jadajada. One post in these forums said re-emerge shadow. I did so and lo and behold the issue is gone.  :Smile: 

----------

## Kid Shenck

On my system, most of the variables listed above are marked in my logins.def as "NOT SUPPORTED WITH PAM." On a pam system, it should be alright to comment out any of those lines with no problem.

Granted, it might be washed away with your next emerge world/etc-update, but it's surely a handy measure in the meantime.

--KidShenck

----------

## static_k

 *Icer wrote:*   

>  *geo7780 wrote:*   Hi
> 
> I have update Gnome-2.16 and I have add a new user. Since this I have a error when I run the command su :
> 
> unknow item PASS_MIN_LEN
> ...

 

Thanks Icer! That did the trick.

```
emerge shadow
```

then

```
etc-update
```

----------

## sawatts

I've had the "PASS_MIN_LEN" things for a while now.  I just upped my system to gcc 4.x, so spent a few days rebuilding everything, and it didn't go away.  I also tried re-emerging shadow, to no effect.

I just commented out the 'PASS_MIN_LEN 5' entry in '/etc/login.defs', which solved the issue for me.  Note that this entry occurred three times, with the uncommented entry one its own at the end of the file.

----------

## ok

I got the same messages after I updated to sys-apps/shadow-4.1.2 (emerge -uDN world) and run etc-update:

 *Quote:*   

> unknown configuration item `FAILLOG_ENAB'
> 
> ...

 

Downgrading to sys-apps/shadow-4.1.1 and comparing the etc/logins.defs. In the new version all commented entries where uncommented, so I updated again but without running etc-update.

```
#FAILLOG_ENAB           yes     (NOT SUPPORTED WITH PAM)
```

----------

## meulie

 *ok wrote:*   

> I got the same messages after I updated to sys-apps/shadow-4.1.2 (emerge -uDN world) and run etc-update:
> 
>  *Quote:*   unknown configuration item `FAILLOG_ENAB'
> 
> ... 
> ...

 

Confirmed. The beast rears its ugly head again. Same warnings here. Looking forward to hear what the fix is this time...  :Wink: 

----------

## ok

Bugzilla Bug 223631: https://bugs.gentoo.org/show_bug.cgi?id=223631

----------

## mithandra

i just followed one of the posts which worked find for me

Comment out the line in /etc/login.defs

```

# When prompting for password without echo, getpass() can optionally

# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'

# characters for each character typed.  This feature is designed to

# confuse people looking over your shoulder when you enter a password :-).

# Also, the new getpass() accepts both Backspace (8) and Delete (127)

# keys to delete previous character (to cope with different terminal

# types), Control-U to delete all characters, and beeps when there are

# no more characters to delete, or too many characters entered.

#

# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -

# exactly one '*' displayed for each character typed.

#

# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,

# Delete, Control-U and beep continue to work as described above).

#

# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()

# without any new features.  This is the default.

#

GETPASS_ASTERISKS 0 

```

thanks mithandra

----------

