Date: Wed, 13 Feb 2008 13:01:34 -0600 From: Derek Ragona <derek@computinginnovations.com> To: "Neil Gruending" <neil@gruending.net> Cc: freebsd-questions@freebsd.org Subject: Re: Help with su on 6.3 Message-ID: <6.0.0.22.2.20080213125757.02532c58@mail.computinginnovations.com> In-Reply-To: <bd20341a0802131051h4d5e2680tc8aa52f644c56ef8@mail.gmail.co m> References: <bd20341a0802121616k51de1330g4bc486072a4c097b@mail.gmail.com> <6.0.0.22.2.20080212190133.024c3008@mail.computinginnovations.com> <bd20341a0802131051h4d5e2680tc8aa52f644c56ef8@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:51 PM 2/13/2008, Neil Gruending wrote: >On 2/12/08, Derek Ragona <derek@computinginnovations.com> wrote: > > > > At 06:16 PM 2/12/2008, Neil Gruending wrote: > > > > Hi, > > > > Today I upgraded my computer to 6.3, but now root can't su to other > > users. I login as a regular user (neil) over ssh and I can su to > > become root. But now root can't su to other users. For example, if I > > do "su svn" I get "su: Sorry". My boot rc scripts do the same thing > > where I use su. Everything worked fine when I was running 6.2. Any > > help is appreciated. I followed the binary upgrade procedure in the > > release announcement. > > > > Thanks > > Neil > > Did you run mergemaster? Check your users still exist in /etc/passwd? > > > > -Derek > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > >I didn't run mergemaster because >http://www.freebsd.org/releases/6.3R/announce.html didn't say to. >However, I did try su at the console with the same result, but I was >getting pam_acct_mgmt: authentication errors. I checked >/etc/master.passwd and noticed that the accounts I was trying to su to >were locked. I tried "passwd account" as root on an account that >wasn't working and once I set a password it I could su to it as long >as logins were enabled. I tried another account with disabled logins >and got "This account is currently not available". > >Both of these accounts only exist to let servers run as different >users. What's the proper way to set them up? Maybe that's my issue >instead. I only noticed this because the servers weren't starting >because the init scripts can't su to the right users anymore. > >Thanks, >Neil Well you should always read and follow UPDATING in /usr/src when doing an upgrade. I usually just set the shell to /usr/bin/false or /usr/sbin/nologin for users like these. Of course you can't test these interactively with su. If you want to do that, give the account a valid login shell, test it, then set it to false or nologin. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20080213125757.02532c58>