Help with su on 6.3
derek at computinginnovations.com
Wed Feb 13 19:00:13 UTC 2008
At 12:51 PM 2/13/2008, Neil Gruending wrote:
>On 2/12/08, Derek Ragona <derek at computinginnovations.com> wrote:
> > At 06:16 PM 2/12/2008, Neil Gruending wrote:
> > Hi,
> > Today I upgraded my computer to 6.3, but now root can't su to other
> > users. I login as a regular user (neil) over ssh and I can su to
> > become root. But now root can't su to other users. For example, if I
> > do "su svn" I get "su: Sorry". My boot rc scripts do the same thing
> > where I use su. Everything worked fine when I was running 6.2. Any
> > help is appreciated. I followed the binary upgrade procedure in the
> > release announcement.
> > Thanks
> > Neil
> > Did you run mergemaster? Check your users still exist in /etc/passwd?
> > -Derek
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
>I didn't run mergemaster because
>http://www.freebsd.org/releases/6.3R/announce.html didn't say to.
>However, I did try su at the console with the same result, but I was
>getting pam_acct_mgmt: authentication errors. I checked
>/etc/master.passwd and noticed that the accounts I was trying to su to
>were locked. I tried "passwd account" as root on an account that
>wasn't working and once I set a password it I could su to it as long
>as logins were enabled. I tried another account with disabled logins
>and got "This account is currently not available".
>Both of these accounts only exist to let servers run as different
>users. What's the proper way to set them up? Maybe that's my issue
>instead. I only noticed this because the servers weren't starting
>because the init scripts can't su to the right users anymore.
Well you should always read and follow UPDATING in /usr/src when doing an
I usually just set the shell to /usr/bin/false or /usr/sbin/nologin for
users like these. Of course you can't test these interactively with
su. If you want to do that, give the account a valid login shell, test it,
then set it to false or nologin.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the freebsd-questions