su question

aquilinum

aquilinum

I did give a search before asking, but apologies if this is already answered or better asked elsewhere...

When I try to su(1) to another user (i.e. su -l username or even just su username) and use the password that I know works, my system prints no errors and my shell prompt returns the name of my account (which yes, is part of the wheel group). If I check my ID and groups I see that I am part of wheel and that I did not successfully switch to the other user account, even though I know I entered the password correctly.

Code: 
$ groups
myusername wheel
$ su otherusername
Password:
$ id
uid=1001(myusername) gid=1001(myusername) groups=1001(myusername),0(wheel)

Any ideas/suggestions on where I can look to troubleshoot even?
 
Greetings,

A couple of questions come to mind: what version of FreeBSD are you on (see uname -a). Also what shell do you use; sh(1), csh(1) (tcsh), bash(1), ...? Were you already logged in as root somewhere before attempting su(1)?

Scratch that; after refreshing myself with su, I discover the following:
Code: 
-l      Simulate a full login.  The environment is discarded except for
	     HOME, SHELL, PATH, TERM, and USER.  HOME and SHELL are modified
	     as above.	USER is set to the target login.  PATH is set to
	     ``/bin:/usr/bin''.  TERM is imported from your current environ-
	     ment.  Environment variables may be set or overridden from the
	     login class capabilities database according to the class of the
	     target login.  The invoked shell is the target login's, and su
	     will change directory to the target login's home directory.
	     Resource limits and session priority are modified to that for the
	     target account's login class.
Sound familiar? Please see the su(1) man(1) page(s) for further details.

--chris
 
@Chris_H,

I'm running 9.1-RELEASE and I have used the -l option to no avail. The system never changes my session / starts a new shell / whatever is supposed to happen and I never get moved to the home directory of the target user.

Code: 
$ uname -a
FreeBSD frond 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

Would a restrictive ipfw setting affect this?
 
Last edited by a moderator:
OK. I guess I should have enquired a bit more. Are you at the box you're su-ing in? Or are you ssh-ing into it from another location? Have you examined login.conf(5)? I still need to know what shell(s) you're working with -- both the user you're su-ing to and the user you're su-ing from. These are especially important. Because they have a massive effect on the environment(s) -- env(1).

--chris
 
@Chris_H,

I can be at the system (have not tried it there), but right now I am over SSH. I have not modified login.conf nor have I modified ~/.login on either the source or the target user.

And I just figured it out. I set the user account to /usr/bin/false a long time ago. I'm so embarrassed.

Thanks Chris_H
 
Last edited by a moderator:
You must log in or register to reply here.
Back
Top