su -incorrect password

[scott32746]

Hello,

Try changing it in rescue mode. I had a problem with root's password years ago.
run level 1 would not fix it, rescue mode did.

[dedman]

Okay, further exploration lead me to file /etc/shadow.
Now this had No permission bits set. Nothing "----------".
So i set it properly to this : -rw-r--r--

Now when i use SU,
with wrong root passwd, i get Incorrect password
with Correct root passwd i get this :

Code:

su: cannot set groups: Operation not permitted

Also i noticed that, when i change my directory to /bin and run the su file by ./su
Then it works perfectly .

[JEO]

Check the permissions on the file /etc/group also. How do you think the permissions were changed?

If you cd to /bin and then it works that suggests your PATH variable is messed up too. As your normal user, post the results of "echo $PATH"

Edit: On my system /etc/shadow does have all permissions restricted, so the way you first found it is normal. That file is not accessible to anyone by default.

[dedman]

Quote:

Originally Posted by JEO

Check the permissions on the file /etc/group also. How do you think the permissions were changed?

If you cd to /bin and then it works that suggests your PATH variable is messed up too. As your normal user, post the results of "echo $PATH"

Edit: On my system /etc/shadow does have all permissions restricted, so the way you first found it is normal. That file is not accessible to anyone by default.

okay. the path variable is :

Code:

$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/dedman/bin

also, the permissions of group is -rw-rw-r--

And i did set the permissions of the shadow file back to nil.

---------- Post added at 02:32 AM ---------- Previous post was at 02:27 AM ----------

Also i found this in /var/log/secure

Code:

sshd[17258]: reverse mapping checking getaddrinfo for triband-del.bol.net.in failed - POSSIBLE BREAK-IN ATTEMPT!

Does it have to do with this issue ?

Also in the log directory there are two separate files- secure
and there is a separate file : secure-20110918

Why is there a separate file for this date ?

[JEO]

Your PATH looks okay.

The permissions on F15 for the group file is different on mine:

-rw-r--r--. 1 root root 750 Jul 8 18:20 group

You may want to set yours to this as selinux tends to block things that have the wrong permissions (yours has group write permission set).

When the log files are rotated (a new log file is created) the date is appended to the old log file.

[dedman]

Well, when i restored the permissions of shadow file,
now we are back to original problem again.

No matter what password i try, it will give me incorrect password. Now its not reporting any group error. Only Incorrect Passwd

[JEO]

For completeness the permissions on /etc/passwd are the same as /etc/group.

-rw-r--r--. 1 root root 1683 Jun 27 03:06 passwd

If the permissons on all three files are correct then I don't know what is causing that error. Did you update or install anything right before the problem started?

[Gareth Jones]

Quote:

Originally Posted by dedman

Okay, further exploration lead me to file /etc/shadow.
Now this had No permission bits set. Nothing "----------".
So i set it properly to this : -rw-r--r--

That is how it's supposed to be. Only privileged processes (su, sudo, login, etc.) are supposed to be able to access the shadow files as they contain the (encrypted) passwords. Making them world-readable makes brute-force and dictionary attacks trivial. You should set it back to 0000, it has nothing to do with your problem.

Gareth

Edit: I see you did change it back. Sorry.

---------- Post added at 10:42 PM ---------- Previous post was at 10:29 PM ----------

Out of interest, does sudo work?

[Iron_Mike]

You're spending to much time with this issue. Just reinstall F15.

[stevea]

Keyring shmee-ring - it makes no difference.

Look at the root /etc/passwd into in /etc/passwd and /etc/shadow
Are you using some alternative authentication technique ? sssd ? Kerberos ?

[COKEDUDE]

Quote:

Originally Posted by Iron_Mike

You're spending to much time with this issue. Just reinstall F15.

I usually have a 3 day limit and if I haven't solved my problem by the end of the third day limit I usually reformat my computer if it is a BIG problem. This would definitely count as a big problem .

[scott32746]

have you setup sudo ?
maybe able to use sudo to change the password for root

[stevea]

If you want to learn - don't re-install. That's for people who give up.

Make sure permissions are correct:

Quote:

[me]# ls -l /etc/{passwd,group,shadow} /bin/su
-rwsr-xr-x. 1 root root 34904 Feb 8 2011 /bin/su
-rw-r--r--. 1 root root 1118 Aug 4 05:46 /etc/group
-rw-r--r--. 1 root root 2328 Aug 4 05:42 /etc/passwd
----------. 1 root root 1639 Aug 4 05:42 /etc/shadow

Quote:

[me]# ls -l /etc/pam.d/{su,system-auth,system-auth-ac}
-rw-r--r--. 1 root root 487 Feb 8 2011 /etc/pam.d/su
lrwxrwxrwx. 1 root root 14 May 13 15:42 /etc/pam.d/system-auth -> system-auth-ac
-rw-r--r--. 1 root root 979 Jul 18 16:02 /etc/pam.d/system-auth-ac

Your /etc/pam.d/su looks fine, but you must check system-auth too.

Quote:

[me]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

You need to make sure that your passwd, group and shadow entries are OK, like ...

Quote:

[root@lycoperdon ~]# grep :0: /etc/passwd
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
operator:x:11:0:operator:/root:/sbin/nologin

This tests that there is a single UID=0 account, and it belongs to root, and that root is th eonly member of group 'root'.

Quote:

[stevea@crucibulum man3]$ cut -d: -f 3 </etc/passwd | grep ^0 | wc -l
1
[stevea@crucibulum man3]$ grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
[stevea@crucibulum man3]$ grep :0: /etc/group
root:x:0:root

If yours differ in any way post the result.


This test examines ALL valid login accounts .... must be root/single-user to execute

Quote:

[root@lycoperdon ~]# grep -v '!!' /etc/shadow | fgrep -v '*'
root:$6$v5waLGwZnkQhiEEt$1NiYaqVFgel1blnw6e/3QiHcpymruBY9Ho77VUrEYweR/8lTQF0vvEPgr3teq3l6TTdE1D2vfP4/TuuygxLvD0:15173:0:99999:7:::
stevea:$6$dp7lnRo4N/AYZ8Iz$NB9VWRKlhQ5obIP0jRNNBDlWgxvq.tfCkzRoMfnCSl5 FT5WQHZuhJdaTFTs7NuDeNMS.IFJfVCxBww8BI9hIV/:15174:0:99999:7:::

You should ONLY see accounts you set a passwd for, including root.
The second ':' separated field should begin with $6 then your hashed passwd+salt.

[linux2001]

Try

Code:

$ sudo su

java swing

[shartz]

Hi I have same problem here. I cant su - root on terminal, but when I click my windows folders (I have dual boot), the popup window will ask for root password, when I entered it, I believe I was using exactly right password for my root!!!

Thanks for all the post, the last post is the one works for me!
Use
$sudo su - root
!!!!! THANKS !!!!