- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- su not working
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2003 11:56 PM
11-25-2003 11:56 PM
pam_start: Check /etc/pam.conf
su: Sorry
Looking at pam.conf its set to 777 but has not been updated since install so I'm not sure why this would stop working. Also if the permissions are wrong hw can I change it if I can't get on the servers as root
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 12:07 AM
11-26-2003 12:07 AM
SolutionAs a default, it should be set to 444 (read only)
You also need to check the permissions on /usr/bin/su
This should be 4555, owned by root (setuid enabled with read/execute for all users).
If you can't su to root, your best options are;
1) log in directly as root
2) rlogin as root from a server with suitable host equivalency
3) boot server into single user mode.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 12:35 AM
11-26-2003 12:35 AM
Re: su not working
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 12:37 AM
11-26-2003 12:37 AM
Re: su not working
the problem could be that the owner/group relationship for the file-inode has been changed by someone; check by "ls -lc /etc/pam.conf". An inode change will not be reflected in a "ls -l".
I know it is an idiotic suggestion if you cannot even log on. And it is only a guess, but judging from the permissions, it could be the problem. However, I do not even dare suggest what is correct, as I have checked the user/group relationship on three different servers for /etc/pam.conf here and they are not even the same.
regards,
John K.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 12:57 AM
11-26-2003 12:57 AM
Re: su not working
Our last good backup if from two nights ago so I don't really want to have to restore the whole system. Does anyone have/know of a script that can take an input file and change all af the permissions back??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 01:16 AM
11-26-2003 01:16 AM
Re: su not working
I have heard about scripts that can do this for vg00, but hardly for the applications. And even if you go for the script solution, you should be aware that you may not see all problems deriving from this ..eh situation immediately.
I would go for the backup.
regards,
John K.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 01:19 AM
11-26-2003 01:19 AM
Re: su not working
Our backup write a listing to a file, someone else has written a perl script that will use this file and reset the permissions as they were so I might give it ago,
regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 01:25 AM
11-26-2003 01:25 AM
Re: su not working
that sounds better. But what will you do to the application guy?
regards,
John K.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2003 01:46 AM
11-26-2003 01:46 AM
Re: su not working
***IMPORTANT*** I would advise testing this on an unimportant directory on the server prior to a full run if at all possible. All I can say is it can't really make things any worse.
On the WORKING server;
find / -type f -exec ll {} \; | awk '{print substr($0,2,3)":"substr($0,5,3)":"substr($0,8,3)":"$NF}' | sed -e s/"\-"//g > /tmp/perm_list.txt
This will generate a list of permissions (separated into owner, group and other by a colon), and files eg
rwx:rx:rx:./test/getuser
rw:r::./test/bits/dept
rwx:rwx:rwx:./test/bits/test
rwx:rx::./test/bits/checker
rw:r::./test/bits/1
rw:r::./test/bits/1.c
rw:r::./test/non_patrol
rw:r::./test/sys.lst
rw:r::./test/local.lst
rw:rw:rw:./test/local_ser
This can then be copied to the AFFECTED server.
You can then try the following to set the permissions. *** ENSURE THAT YOU ARE ON THE AFFECTED SERVER ***
for LINE in `cat perm_list.txt`
do
USER=`echo $LINE | awk -F: '{print $1}'`
GROUP=`echo $LINE | awk -F: '{print $2}'`
OTHER=`echo $LINE | awk -F: '{print $3}'`
FILE=`echo $LINE | awk -F: '{print $4}'`
echo "setting file permissions to $USER$GROUP$OTHER for $FILE"
chmod u=$USER,g=$GROUP,o=$OTHER $FILE
done
What this is doing, is taking each line from the list on the working server, and setting the same permissions to the files on the affected server (if they exist).
Hopefully, this will address most of the problems, but if it doesn't work, you will have to look to a full restore.
It may be worth waiting to see if anyone else has comments on this approach before trying it.
Good luck.