# SU: error in service module (was authentication error)

## colonists

Ok, first off please read this message before getting all angry with a post about su.  

I just did a clean install of Gentoo 1.4_rc2 and installed gnome2.2 and kde3.1. Everything was going along great until I added a non-root user. I was suddenly denied access to su into root from user mode... 'su: authentication failure'

I looked up if the board had anything on 'su' in the quick search, and NOTHING came up. I continued anyway and found all the posts about how you need to put your user in the wheel group etc etc (all of which I did a number of times.) I tried to manually add my user, I used useradd, I changed my primary and secondary group, I did everything that all the posts say to in the FAQ and I changed permissions in this following posting https://forums.gentoo.org/viewtopic.php?t=13934.

I must have inadvertently messed something up as my authentication failure has now become a 'su: error in service module, sorry' error. I do not know what to do. I have recompiled pam, but that did not work. Help me! I need to be able to su.

----------

## pjp

Moved from Installing Gentoo.

Probably not it, but what's in your /etc/pam.d/su file?

----------

## colonists

```
#%PAM-1.0

auth       sufficient   /lib/security/pam_rootok.so

# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
auth       required     /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth       sufficient   /lib/security/pam_wheel.so use_uid trust

# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth       sufficient   /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass

# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth       required     /lib/security/pam_wheel.so use_uid

auth       required     /lib/security/pam_stack.so service=system-auth

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so
```

Hope this helps.

----------

## pjp

 *colonists wrote:*   

> auth       required     /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow

 What happens if you comment out this line?

----------

## colonists

OK, I commented out the line, and I am now presented with the error...

```
su: Authentication failure
Sorry.
```

Now this needs to get fixed  :Smile: 

----------
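
The check below is an added example, not part of the thread: it scans an su PAM stack like the one posted above for pam_listfile rules whose `file=` target is missing or writable by non-owners. With `onerr=fail`, pam_listfile returns PAM_SERVICE_ERR when it cannot open its list, which su reports as an error in the service module; the function names, finding labels and the `root` parameter are assumptions made for the example.

```python
import os
import stat

# Active auth rules from the /etc/pam.d/su posted in the thread.
SAMPLE_SU = """\
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
"""

def parse_rules(text):
    """Yield (type, control, module, options) for each active rule.
    Assumes simple control keywords (no bracketed [value=action] form)."""
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        opts = dict(f.split("=", 1) if "=" in f else (f, "") for f in fields[3:])
        yield fields[0], fields[1], os.path.basename(fields[2]), opts

def audit_listfile(text, root="/"):
    """Return [(file, finding)] for pam_listfile rules. `root` is a
    hypothetical prefix so the check can run on a mounted or test tree."""
    findings = []
    for _type, _control, module, opts in parse_rules(text):
        if module != "pam_listfile.so" or "file" not in opts:
            continue
        listed = opts["file"]
        path = os.path.join(root, listed.lstrip("/"))
        try:
            mode = os.stat(path).st_mode
        except OSError:
            # Unreadable list: onerr=fail (the default) yields PAM_SERVICE_ERR,
            # onerr=succeed lets the rule pass without any list check.
            onerr = opts.get("onerr", "fail")
            findings.append((listed, "missing-service-error" if onerr == "fail"
                             else "missing-rule-bypassed"))
            continue
        # The file's own comment requires the list to be writable by root only.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((listed, "writable-by-non-owner"))
    return findings

if __name__ == "__main__":
    for listed, finding in audit_listfile(SAMPLE_SU):
        print(f"{listed}: {finding}")
```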

## pjp

Output from the command "groups" does list wheel, correct?  What are your permissions on /bin/su ?

----------

## colonists

output from groups is: users wheel

```
ls -l /bin/su
-rwsr-sr-x    1   root    root     23948   Feb 7 20:10 /bin/su
```

----------

## colonists

In case you're wondering, I have tried to set the permission of /bin/su to -rwsr-sr-x and -rwsr-xr-x and both give me the same authentication failure message.

----------

## pjp

Can root su to another user?

----------

## colonists

Yes, I can su to other users from root. The only time su is denied to me is when I am a user su-ing to root.

----------

## gfdsa

Well, I just installed 1.4 and had the same issue, solved it by u+s /bin/su

Seems it's not the case, but anyway, strace could give you a hint imho

----------

