Help with su on 6.3
Derek Ragona
derek at computinginnovations.com
Wed Feb 13 19:00:13 UTC 2008
At 12:51 PM 2/13/2008, Neil Gruending wrote:
>On 2/12/08, Derek Ragona <derek at computinginnovations.com> wrote:
> >
> > At 06:16 PM 2/12/2008, Neil Gruending wrote:
> >
> > Hi,
> >
> > Today I upgraded my computer to 6.3, but now root can't su to other
> > users. I login as a regular user (neil) over ssh and I can su to
> > become root. But now root can't su to other users. For example, if I
> > do "su svn" I get "su: Sorry". My boot rc scripts do the same thing
> > where I use su. Everything worked fine when I was running 6.2. Any
> > help is appreciated. I followed the binary upgrade procedure in the
> > release announcement.
> >
> > Thanks
> > Neil
> > Did you run mergemaster? Check your users still exist in /etc/passwd?
> >
> > -Derek
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
>
>I didn't run mergemaster because
>http://www.freebsd.org/releases/6.3R/announce.html didn't say to.
>However, I did try su at the console with the same result, but I was
>getting pam_acct_mgmt: authentication errors. I checked
>/etc/master.passwd and noticed that the accounts I was trying to su to
>were locked. I tried "passwd account" as root on an account that
>wasn't working and once I set a password it I could su to it as long
>as logins were enabled. I tried another account with disabled logins
>and got "This account is currently not available".
>
>Both of these accounts only exist to let servers run as different
>users. What's the proper way to set them up? Maybe that's my issue
>instead. I only noticed this because the servers weren't starting
>because the init scripts can't su to the right users anymore.
>
>Thanks,
>Neil
Well you should always read and follow UPDATING in /usr/src when doing an
upgrade.
I usually just set the shell to /usr/bin/false or /usr/sbin/nologin for
users like these. Of course you can't test these interactively with
su. If you want to do that, give the account a valid login shell, test it,
then set it to false or nologin.
-Derek
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the freebsd-questions
mailing list