Praxis Posted April 28, 2007 Report Share Posted April 28, 2007 I guess I probably messed up my Mandriva 2006 upgraded to 2007 installation about a month ago trying to get Beryl to work properly using some random repositories I saw on a web page somewhere. After a round or two of updates I could no longer SU at all. I used the 2007.1 DVD to upgrade to the latest stable version, but things didn't sort themselves out. When I type 'su' at a terminal trying to get a root prompt I get this: [user@hostname ~]$ susu: incorrect password [user@hostname ~]$ I don't even get a chance to enter a password. I get the same thing from my wife's user account. I also can't su to change to my wife's account in a terminal. SU appears broken, even from the root account. [root@hostname ~]# su usersu: incorrect password [root@hostname ~]# Attempts to start GUI tools as root from within a user account also fail. If I use the command: $ kdesu konqueror I get a little dialogue box that says: Error - KDE suSu returned with an error I get the same message if I try to use Adminstrative Mode with Control Center. Trying to start a MCC module gives me another error with says "Unknown error - Close". Using the Browse Available Software module spits out a dialogue box saying: Running in user modeYou are launching this program as a normal user. You will not be able to perform modifications on the system, but you may still browse the exisiting database. Goodie. Being in Gnome or even a shell login doesn't help, still no SU. Curiously, I can SSH to get to my root account and use other TTYs for a root account or Switch User - Start New Session or log in from the KDM screen to get a graphic root access. I can even access GUI applications within my user KDE session by using SSH X forwarding: [user@hostname ~]$ ssh -X root@hostname konquerorroot@hostname's password: kbuildsycoca running... I've looked around the web and this seems to be a fairly wide spread problem over the last few years on a variety of platforms from cygwin to vmware, as well as a number of distros, but I've never seen a satisfactory resolution that worked for me. I've poked around a number of files looking at configuration and permissions but never seen something that grabbed me by the throat. I've looked at: /etc/passwd /etc/pam.d/su /etc/sudoers /etc/shadow ls -l /bin/su-rwsr-xr-x 1 root root 20584 Feb 21 14:09 /bin/su* Being a mere mortal (not exactly a newbie, though), I don't know what I'd look for in those files exactly, though I tried a few passes with chmod. Any suggestions? Quote Link to comment Share on other sites More sharing options...
wardevil Posted April 28, 2007 Report Share Posted April 28, 2007 I have the same problem when i upgraded from 2007.0 ... In all my systems upgrade seems to messed up and become unusable distro. To bad since i am almost ditching Mandriva bacause in all upgrades i have ever done none of them worked so bad... Upgrades are not the problem itself...clean installs have a few drawbacks by its own....as an example lilo was replaced by grub...I dont know about other users but i have a very ugly menu in the boot screen to chose the kernel to boot...i thought,well as long it works i could keep it,but then a very strange thing happened...i have a dual boot with win$hit XP? and once i booted in to that no problem...but when i rebooted i could not ever again boot into any other OS and the only thing it shows before the grub boot menu is a error 23(not really sure what that means) so my pc has become unusable for the first time in years after installing Mandriva... If release period is about 6 months between them and has this kind of problems(bugs mostly) if there was a voting for change release period i vote for a yearly release...at least there was enough time(i think) to squash the most terrible bugs out there.... Well thats just my opinion.... Cheers.... Quote Link to comment Share on other sites More sharing options...
scoonma Posted April 28, 2007 Report Share Posted April 28, 2007 I'm not sure wether is is necessary for newer Mandriva versions, but users to be able to use "su" needed to be members of the "wheel" group. Quote Link to comment Share on other sites More sharing options...
mystified Posted April 28, 2007 Report Share Posted April 28, 2007 From Mandriva Errata Broken pam configuration (commands such as su not working) See also Bug #29719 and pam_stack in the release notes. After updating to Mandriva Linux 2007 Spring from Mandriva Linux 2006 or from an installation of Mandriva Linux 2007 which was itself updated from Mandriva Linux 2006, some pam configuration files may no longer be valid. This might result in the su and kdesu commands not working. If some configuration files in the /etc/pam.d directory still contain references to the pam_stack module, they should be migrated, as explained in the /usr/share/doc/pam-0.99.7.1/README.update.urpmi file. If the affected configuration files do not contain configuration changes made by the system administrator, they can simply be restored from the .rpmnew files in the same directory. For example, to make the su command work again, in the /etc/pam.d directory, replace the content of the su file with the content of the su.rpmnew file: cp -vf /etc/pam.d/su /etc/pam.d/su_bak;cp -vf /etc/pam.d/su.rpmnew /etc/pam.d/su And you can replace grub with lilo by going into MCC once you get your root priveleges back. It's under bootloader but I'm not sure where since I'm not in Mandriva atm. HTH Quote Link to comment Share on other sites More sharing options...
scarecrow Posted April 28, 2007 Report Share Posted April 28, 2007 I'm not sure wether is is necessary for newer Mandriva versions, but users to be able to use "su" needed to be members of the "wheel" group. No they don't. The wheel group provides to a "common" user special priviledges, as they're defined in /etc/sudoers, but "su" is executable by any user. Don't know which are the defaults under selinux, but for pretty any distro I've used (*buntu excluded, of course) you don't have to be in wheel to execute su. Quote Link to comment Share on other sites More sharing options...
wardevil Posted April 28, 2007 Report Share Posted April 28, 2007 Yep...replacing /etc/pam.d/su by /etc/pam.d/su.rpmnew did the trick....i must remember myself to carefully read the errata.... Thanks mystified Cheers.... Quote Link to comment Share on other sites More sharing options...
Praxis Posted April 28, 2007 Author Report Share Posted April 28, 2007 (edited) Yep...replacing /etc/pam.d/su by /etc/pam.d/su.rpmnew did the trick....i must remember myself to carefully read the errata.... Thanks mystified Cheers.... Yes, thanks very much, mystified. That did the trick, for the most part. I can now log in as root using SU and also use the Administrative options in Control Center. Also, I can log in as root in some but not all Mandriva Control Center modules in Mandriva>System>Configuration. Some of them give me a "Unknown Error" dialogue box. Also, many of the modules are missing from the KDE menu. Oh well, I can easily start MCC from the command line. Funny thing is, I glanced at (obviously didn't read) the errata, but missed that bit, probably because I read it before I'd actually updated to 2007.1 after reading a review of 2007.1 that claimed that the errata list was longer than the list of featured improvements. http://www.softwareinreview.com/cms/content/view/74/ Executive summary: Issue the following command: cp -vf /etc/pam.d/su /etc/pam.d/su_bak;cp -vf /etc/pam.d/su.rpmnew /etc/pam.d/su Here is the text from the Errata referenced /usr/share/doc/pam-0.99.7.1/README.update.urpmi file. PAM 0.99.3.0 update notes - pam_stack module depreciation The pam_stack module is now deprecated. It has to be replaced by include directives in pam.d configuration files. pam_stack usage won't make pam fail in this release, but it will be removed in a future release, better avoid it. It's basically a matter of replacing "required pam_stack.so service=<foo>" with "include <foo>". This can't be automatically updated on system-edited configuration files because it isn't always that simple. Some "sufficient" directives in the included file may now occult directives that were previously matched, in the same configuration phase (auth/account/password/session). So, the rules may have to be reordered, and the "include" directives have often to be lowered at the bottom of each phase. See Fedora instructions and release notes for more details. http://www.redhat.com/archives/fedora-deve...r/msg00050.html http://www.redhat.com/archives/fedora-deve...r/msg00084.html http://fedora.redhat.com/docs/release-note...kage-notes.html - pam_pwdb dropped The pam_pwdb module has been obsolete for a couple of years now, it is not anymore available in the pam package from Mandriva. The pam_unix module has to be prefered. - services linked with pam Services linked with the old pam library have to be restarted once the new pam package has been installed. This includes services such as crond, xdm, gdm, kdm, samba. Wardevil, I tend to agree that 2007.1 isn't quite ready for prime time. 2006 was stable, but unexciting, a perfectly useful desktop, though. 2007 was very nice, all the upgrades seemed to work, plus I liked the Compiz eye candy once I'd upgraded my video card (though I'm still not able to get the Zoom In scrolling to work). 2007.1 seems rather buggy. The 3D stuff is much more erratic than 2007, even as it is more ambitious. Metisse just stalls out when I try to use it, Compiz isn't working properly, Beryl works, but when I enable it I have to manually start beryl-manager, then switch to Metacity in the Select Window Manager field in order to get my top window frames to materialize, finally switch back to Beryl. OK, I guess I could just go with a 2D desktop and all would be well. EDIT: I reverted to 2D desktop, now when I hit the Beryl-Manager icon on my Panel Beryl starts properly without futzing around with different Window Managers. The other thing I have to investigate is that my static IP address keeps losing its gateway every time I boot up, very annoying, I have to log in as root and do a "route add default gateway" every time I want to access the net (or go to MCC Reconfigure A Network Interface). I notice that /etc/sysconfig/network-scripts/ifcfg0-eth0 continues to mention a wrong address as a gateway (192.168.xxx.1 vs. 254 for my router). Maybe manually editing that file will make the problem go away. EDIT: That did the trick, my gateway was automatically recognized. Still, not very user-friendly for a user-friendly distro. I've never used that address for my gateway. Starting MCC from the menu still gives me an "Unknown Error" message. Edited April 28, 2007 by Praxis Quote Link to comment Share on other sites More sharing options...
scoonma Posted April 29, 2007 Report Share Posted April 29, 2007 No they don't. The wheel group provides to a "common" user special priviledges, as they're defined in /etc/sudoers, but "su" is executable by any user. Don't know which are the defaults under selinux, but for pretty any distro I've used (*buntu excluded, of course) you don't have to be in wheel to execute su. Hm. This is strange. I was sure when installing previous versions of Mandriva by using CDs (now doing net installs), it was recommended by the installer to add users to wheel in order to be able to get root privileges. Must be a false memory?!? Quote Link to comment Share on other sites More sharing options...
Mhn Posted April 29, 2007 Report Share Posted April 29, 2007 (edited) Hm. This is strange. I was sure when installing previous versions of Mandriva by using CDs (now doing net installs), it was recommended by the installer to add users to wheel in order to be able to get root privileges. Must be a false memory?!?I think this depends on which security level you choose. Edit: In level 5 you have to be in the wheel group: http://club.mandriva.com/xwiki/bin/view/KB/SecureSmsec Edited April 29, 2007 by Mhn Quote Link to comment Share on other sites More sharing options...
Soka Posted May 1, 2007 Report Share Posted May 1, 2007 Starting MCC from the menu still gives me an "Unknown Error" message. Just like you did with /etc/pam.d/su, You need to replace the other files with rpmnew extension in the /etc/pam.d directory. mv /etc/pam.d/simple_root_authen /etc/pam.d/simple_root_authen.old mv /etc/pam.d/system-auth /etc/pam.d/system-auth.old mv /etc/pam.d/simple_root_authen.rpmnew /etc/pam.d/simple_root_authen mv /etc/pam.d/system-auth.rpmnew /etc/pam.d/system-auth Quote Link to comment Share on other sites More sharing options...
Guest Darryl Scroggins Posted May 21, 2007 Report Share Posted May 21, 2007 The information noted by Mystified did the trick for me. /etc/pam.d/su was the problem I upgraded several machines from different versions of Mandriva to 2007.1 (Spring) and only the machine that was running 2007 official exhibited this problem. This is what I did (I was running KDE): <cntl>F1 login as root #Just as a precaution backup su cp /etc/pam.d/su to /etc/pam.d/su.070520 #clobber su with su.rpmnew cp /etc/pam.d/su.rpmnew /etc/pam.d/su <cntl>F7 su password: PS. I'm currently running 3 heads using 2 cheap video cards and the one on the motherboard. I recommend it highly to anyone trying to do real work. (Not very useful for games) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.