# belong to wheel group, but can't su to root.

## lolita_daydream

greetings.

as the subject line says, i can't su to root, even though i belong to the wheel group. i checked /etc/group, and it confirms this.

any help would be greatly appreciated.

----------

## pjp

Have you logged out since the user was added to the group?  Does running 'groups' verify membership?

----------

## rac

"newgrp -" should be sufficient if you don't want to log out.

----------

## pjp

I thought there was an easier way, just couldn't recall what it was.

----------

## lolita_daydream

 *Quote:*   

> Have you logged out since the user was added to the group?

 

i've done so many times. this has been a problem for about a week now, since i reinstalled to upgrade to gentoo 1.4

i'm presently running as root fulltime.

----------

## pjp

What is in /etc/suauth and /etc/pam.d/su?

----------

## rac

...and what does su give you as a reason for failure?  Can root su to ordinary users?

----------

## mikegr

I have the same problem, I got the message:

su: Authentication failure

I can login as the user and as root. The user is in the wheel group. I can sudo without password, but cannot when a password is required.(Uncomment the line in /etc/sudoers)

I 've no /etc/suauth and the /etc/pam.d/su looks like this:

#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so

auth       required     /lib/security/pam_wheel.so use_uid

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth

session    optional     /lib/security/pam_xauth.so

Maybe this information helps someone, getting an answer.

----------

## lolita_daydream

its the same for me as for mikegr, above.

my su also fails with the message:

su: Authentication failure

i have no /etc/suauth either, and my /etc/pam.d/su is exactly the same.

----------

## rac

Attention!  The following question may be extremely stupid.  Reading this question may cause you to laugh at the questioner, or get angry with them for insulting your intelligence.  You have been warned.  :Razz: 

People having problems: are you typing your user's password at the Password: prompt instead of root's password?

----------

## Logik

 *Quote:*   

> 
> 
> People having problems: are you typing your user's password at the Password: prompt instead of root's password?

 

LOL, that is hilarious... i am almost willing to bet that's the problem too.. clever... for some reason i would've never thought about that...

----------

## lolita_daydream

 *Quote:*   

> People having problems: are you typing your user's password at the Password: prompt instead of root's password?

 

that is funny.

and, no im not.

----------

## McManus

I guessed it might have been an issue with pam, so I re-emerged with -march=athlon-mp -O2 -pipe but still no go.  What is the dealy-o?

(and ha, I _wish_ it was as simple as typing in the wrong password; I actually checked to make sure I was typing it in correctly   :Smile:   )

----------

## rac

Anybody affected have permissions on /var/run/utmp that are different from 664 root.utmp?  Also, does anybody have grsecurity (or any other security-related things) enabled in their kernels?

----------

## pilla

Same as me, but it works.

I barelly remember... I think I had to make something about it the first time I installed gentoo.

 *lolita_daydream wrote:*   

> its the same for me as for mikegr, above.
> 
> my su also fails with the message:
> 
> su: Authentication failure
> ...

 

----------

## HogRider

Just to clarify:

Are you typing in your user password for sudo?

And your root password for su?

Perhaps it would help to post your /etc/groups....

usermod's -g & -G are sometimes troublesome

----------

## lolita_daydream

 *Quote:*   

> Anybody affected have permissions on /var/run/utmp that are different from 664 root.utmp? Also, does anybody have grsecurity (or any other security-related things) enabled in their kernels?

 

my permissions are also 664 root.utmp.

and i do not have grsecurity enabled in my kernel.

 *Quote:*   

> Perhaps it would help to post your /etc/groups....

 

my /etc/group:

root::0:root

bin::1:root,bin,daemon

daemon::2:root,bin,daemon

sys::3:root,bin,adm

adm::4:root,adm,daemon

tty::5:

disk::6:root,adm

lp::7:lp

mem::8:

kmem::9:

wheel::10:root,lolita

floppy::11:root

mail::12:mail

news::13:news

uucp::14:uucp

man::15:man

cron::16:cron

console::17:

audio::18:

cdrom::19:

dialout::20:root

ftp::21:

sshd::22:

at::25:at

tape::26:root

video::27:root

squid::31:squid

gdm::32:gdm

xfs::33:xfs

games::35:

named::40:named

mysql:x:60:

postgres::70:

cdrw::80:

apache::81:

nut::84:

usb::85:

vpopmail:x:89:

users::100:games,lolita

nofiles:x:200:

qmail:x:201:

postfix:x:207:

postdrop:x:208:

utmp:x:406:

nogroup::65533:

nobody::65534:

----------

## Roptaty

Have you looked at the logs?

----------

## McManus

Did any of y'all fix this on your system, yet?  I just did a complete re-install, and it still doesn't work.  Should I file it as a bug?  Did I miss something really simple?  Am I just retarded?  :Smile:   Let me know, please!

----------

## HogRider

Wait a minute......  :Rolling Eyes: 

I was reading back through the thread, and realized we're looking at two separate issues.

 *Quote:*   

> lolita_daydream Posted: Sun Sep 22, 2002 7:43 pm    Post subject: belong to wheel group, but can't su to root. 
> 
> --------------------------------------------------------------------------------
> 
> greetings. 
> ...

 

Is questioning su,  whereas

 *Quote:*   

> mikegr Posted: Mon Sep 23, 2002 3:36 pm    Post subject:  
> 
> --------------------------------------------------------------------------------
> 
> I have the same problem, I got the message: 
> ...

 

Relates to sudo.

These are separate issues.  su should work if the user is part of the wheel group.  sudo should work if the user & specific command are listed in /etc/sudoers.

password for su=%rootpasswd%

password for sudo=%userpasswd%

Let's identify the specific problem, and try to resolve it.

----------

## McManus

Erm, I know that I am having issues with 'su' and that others are having problems with 'su' as well.  I know 'su' should work if my users are in the 'wheel' group.  Well, they are and it doesn't work.

----------

## pjp

lolita_daydream:  Is your problem with su, or sudo?

----------

## 8230

I see no one has yet mentioned "visudo". I have users that are not in the "wheel" group and I just used visudo to add

their names to the sudoers file and it works just fine.

----------

## blatch

```
 bash-2.05a# useradd (username)

bash-2.05a# usermod -g wheel

```

works for me  :Smile: [/code]

----------

## rac

Why do you want to set wheel to be your user's primary group?  How is this better than making it a secondary group with the -G option?

----------

## srain315

I have a Gentoo 1.2 box.  I recently moved a bunch of stuff from disk to disk (don't ask...) and I have the same problem with su.

It worked correctly before my machinations...

```

bash-2.05a$ su

Password: <%rootpasswd_typed_correctly%>

su: Authentication failure

Sorry.

```

I re-emerged pam (0.75-r7) to no avail.

I'm wondering if it's a file permission/ownership problem, as I may have screwed something up in my file copies...

I'm also using a grsecurity-enabled (level=low) kernel.

Cheers!

----------

## borrito

I ran into this same problem when I did a brand new install yesterday. I checked the new install against another machine with 1.2 installed and I noticed that /bin/su on the 1.2 machine had the SUID bit set, where the 1.4_rc1 /bin/su did not. I simply set the SUID bit on /bin/su

```
chmod +s /bin/su
```

and everthing worked as expected.  :Smile: 

----------

## pilla

Looks like a bug for me. I think you should report it. 

 *borrito wrote:*   

> I ran into this same problem when I did a brand new install yesterday. I checked the new install against another machine with 1.2 installed and I noticed that /bin/su on the 1.2 machine had the SUID bit set, where the 1.4_rc1 /bin/su did not. I simply set the SUID bit on /bin/su
> 
> ```
> chmod +s /bin/su
> ```
> ...

 

----------

## torreyk

I was having the same problem, getting an authentication failure. The fix in the above post: "chmod +s /bin/su" fixed it for me as well. This definitely sounds like a bug.

----------

## Vlad

Had the same problem today and fixed the problem by doing a

```

emerge pam shadow pam-login

```

Having problems now trying to run KDE as a non-root user. Keeps telling me I don't have permissions to the tmp folder.  Don't suppose anyone knows what the default /tmp folder permissions are?

----------

## rac

 *Vlad wrote:*   

> Don't suppose anyone knows what the default /tmp folder permissions are?

 

I have 1777 root.root.

----------

## ebrostig

 *rac wrote:*   

>  *Vlad wrote:*   Don't suppose anyone knows what the default /tmp folder permissions are? 
> 
> I have 1777 root.root.

 

I posted the solution to this issue with su a couple of months ago to a similar question. I guess nobody bothered to update the sticky su thread with information pointing to my posting. It would have saved this thread since the solution was exactly the same, wrong permission on /bin/su.

Oh well...

Erik

----------

## masseya

There are many things that would save extraneous threads from being posted, but they still occur.  You can read about several hundred of them in the Duplicates forum if you wish.  If you think you have found a solution to something that will be or is a very commonly asked question you are more than welcome to PM a moderator and ask them nicely to make your thread sticky so others will be more likely to see it.

----------

## pilla

Sometimes, it is just the case of searching a little bit better before asking the question.  I think that we may make the point for some threads to be sticky, but if all important threads get sticky, we won't have space for new threads in the first page  :Cool: 

Usually, when I have a feeling of deja-vu, I make a search and point the older thread. But I am quite busy these weeks, you know... 

So, keep searching -- I'd post this in the Forums Feedback, but it won't make sense if it was not a reply to Tristam29 post, I guess.

 *Tristam29 wrote:*   

> There are many things that would save extraneous threads from being posted, but they still occur.  You can read about several hundred of them in the Duplicates forum if you wish.  If you think you have found a solution to something that will be or is a very commonly asked question you are more than welcome to PM a moderator and ask them nicely to make your thread sticky so others will be more likely to see it.

 

----------

## rac

 *ebrostig wrote:*   

> I posted the solution to this issue with su a couple of months ago to a similar question.

 

I gave you credit for it, if that's the problem.

 *Quote:*   

> I guess nobody bothered to update the sticky su thread with information pointing to my posting.

 

At the time I first referenced your solution, it was only the second time I had seen it come up.

----------

## ebrostig

 *rac wrote:*   

>  *ebrostig wrote:*   I posted the solution to this issue with su a couple of months ago to a similar question. 
> 
> I gave you credit for it, if that's the problem.
> 
>  *Quote:*   I guess nobody bothered to update the sticky su thread with information pointing to my posting. 
> ...

 

Lol, rac, I'm not after credit, I couldn't care less  :Smile: 

I just wanted the poor guy to be able to su to root. One of the things that are often overlooked is the permission on certain executables. I work with a system that is very "nazi" about the permission on our main executable and I have seen some rather interesting errors based on it.

I apologize to everyone if I came across somewhat of a bitch  :Smile: 

Erik

----------

## rac

 *ebrostig wrote:*   

> I apologize to everyone if I came across somewhat of a bitch 

 

No worries, I was probably being too defensive - something about the "guess nobody bothered" just rubbed me the wrong way.

----------

## tjolson

For what it's worth:

I added my id to the wheel group, created an /etc/suauth file with the proper      entry, and could not su to root.  My problem appears to have been  my editing the /etc/group file by hand, because although I saw the entry in the file, "groups" did not report me as being part of the "wheel" group. When I added myself to the wheel group with usermod, all was well. 

 :Rolling Eyes: 

----------

## McManus

It's been awhile, I suppose I should post my end result...  turns out the CD I burned didn't come out quite perfectly  :Smile:   I did an MD5SUM on the downloaded ISO, no probs, but the CD somehow didn't quite come outta the oven perfectly, go fig.  Since it wasn't just 'su' that was giving me problems (X was as well), I figured I should try to reburn it, and whala, it all works.

If you just downloaded and burned the CD and installed and have this problem, one possible solution is to retry downloading and burning the ISO again  :Smile: 

(this will be especially useful when 1.4 'officially' comes out, and the masses go out and download the ISO...  chances are, SOME people with have bad burns or bad d/l's  :Very Happy:  )

----------

## c0ns0le

if you are still having trouble w/ this please feel free to email me or msg me

email: root@micr0s0ftsux.com

ymsg: bow4iamthebofh@yahoo.com

ymsg2: bow4iamtheroot@yahoo.com

icq: 11646412

msn: BoW4IamTheBOFH@hotmail.com

aim: BoW4IamTheROOT

----------

## bigsmoke

 *rac wrote:*   

> "newgrp -" should be sufficient if you don't want to log out.

 

Nice tip  :Exclamation:  Although I haven't had any problems with su, I've always been struck by the uglyness of having to re-login as a user after I add the user to some new group.  :Cool: 

----------

## MrBlc

i would just like to say thanks to borrito for the solution.. that was what did it for me... 

keep up the good work  :Smile: 

-mrblc

----------

## DeathAndTaxes

 *borrito wrote:*   

> I ran into this same problem when I did a brand new install yesterday. I checked the new install against another machine with 1.2 installed and I noticed that /bin/su on the 1.2 machine had the SUID bit set, where the 1.4_rc1 /bin/su did not. I simply set the SUID bit on /bin/su
> 
> ```
> chmod +s /bin/su
> ```
> ...

 

Same here, I accidentally did a chown -R common_user in the wrong place (/, if you really have to know), and I guess the suid bit got b0rked.  I knew it was something simple, and I'm glad once again for these forums.   :Wink: 

----------

## raid517

Hi I had a very similar issue - and I found this section very helpful. It certainly worked for me - although I'm not sure which part, as it may have been a combination of several of the suggestions that were made.

However now that I can su as a user I have found that several of the applications I installed as root (specifically in this instance Firefox and Thunderbird) will not launch in user mode any more. I don't know if it is just these two applications or if it is a general trend, but the console output if I try to run them from a console is:

```
/usr/lib/MozillaFirefox/mozilla-xremote-client: Error: Failed to find a running server.

No running windows found
```

The question is, what's going on? They ran fine before I came here and followed these instructions. What exatly are they telling me?

GJ

----------

## raid517

Just in case anyone is still watching this topic or does a search and finds it, I found the answer to this after a recent reinstall.

This whole thing is about keyboard locals in KDE (and possibly Gnome?).

To prove this you should try quitting X and attempt to log in at a console as a user.

Before doing this though, attempt to write out your password so you can actually see what you are typing. Make sure it is being typed out correctly and you haven't got the wrong local set at your prompt too.

You should be able to log in normally, providing you follow the install instructions for setting your keyboard and local.

Now try to log in to whatever account is giving you trouble (it might be root, or it might be a user account, depending on the password you use) via kdm or gdm. Again check that your password is being typed out correctly, as it seems (in particular) kdm might have it's own keyboard and localization files set independently of the konsole and KDE itself. (Try for example typing your password in your username field first). Now log into KDE using your correct password and user name. Now open a console and try to log in as su. Again first check you password is being typed correctly before doing this.

Fixing this in KDE is easy, just open Kcontrol and set your keyboard and local. I haven't though figured out yet how to fix this in KDM so if anyone can tell me how to do this, please feel free. But essentially that is where the fault lay - for me at least. Kind of dumb I know - but when KDE started I'm pretty sure I did choose my correct localization, but for some weird reason it just didn't stick. I just never thought about it much again afterwards.

GJ

----------

## GetLinux

 *HogRider wrote:*   

> "Computers are like air conditioners, they stop working properly if you open Windows" 

 That is the best signature I have ever read!

----------

