Help with su on 6.3

Derek Ragona derek at computinginnovations.com
Wed Feb 13 19:00:13 UTC 2008 

At 12:51 PM 2/13/2008, Neil Gruending wrote:
>On 2/12/08, Derek Ragona <derek at computinginnovations.com> wrote:
> >
> >  At 06:16 PM 2/12/2008, Neil Gruending wrote:
> >
> > Hi,
> >
> >  Today I upgraded my computer to 6.3, but now root can't su to other
> >  users. I login as a regular user (neil) over ssh and I can su to
> >  become root. But now root can't su to other users. For example, if I
> >  do "su svn" I get "su: Sorry". My boot rc scripts do the same thing
> >  where I use su. Everything worked fine when I was running 6.2. Any
> >  help is appreciated. I followed the binary upgrade procedure in the
> >  release announcement.
> >
> >  Thanks
> >  Neil
> >  Did you run mergemaster?  Check your users still exist in /etc/passwd?
> >
> >          -Derek
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
>
>I didn't run mergemaster because
>http://www.freebsd.org/releases/6.3R/announce.html didn't say to.
>However, I did try su at the console with the same result, but I was
>getting pam_acct_mgmt: authentication errors. I checked
>/etc/master.passwd and noticed that the accounts I was trying to su to
>were locked. I tried "passwd account" as root on an account that
>wasn't working and once I set a password it I could su to it as long
>as logins were enabled. I tried another account with disabled logins
>and got "This account is currently not available".
>
>Both of these accounts only exist to let servers run as different
>users. What's the proper way to set them up? Maybe that's my issue
>instead. I only noticed this because the servers weren't starting
>because the init scripts can't su to the right users anymore.
>
>Thanks,
>Neil

Well you should always read and follow UPDATING in /usr/src when doing an 
upgrade.

I usually just set the shell to /usr/bin/false or /usr/sbin/nologin for 
users like these.  Of course you can't test these interactively with 
su.  If you want to do that, give the account a valid login shell, test it, 
then set it to false or nologin.

         -Derek


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the freebsd-questions mailing list