Yesterday I ran into a problem where su could not switch users.
Here is the log from the failing su attempt:
[root@blog-mreald-com ~]# tail -f /var/log/secure|grep su:
Jun 2 17:23:14 blog-mreald-com su: pam_unix(su-l:auth): authentication failure; logname=root uid=20002 euid=20002 tty=pts/8 ruser=mc rhost= user=root
Jun 2 17:23:22 blog-mreald-com su: pam_unix(su-l:auth): authentication failure; logname=root uid=20002 euid=20002 tty=pts/8 ruser=mc rhost= user=root
Jun 2 17:28:13 blog-mreald-com su: pam_unix(su-l:auth): authentication failure; logname=root uid=20002 euid=20002 tty=pts/8 ruser=mc rhost= user=chkusr
On another host, where switching works normally, the log looks like this:
[root@nexthost ~]# tail -f /var/log/secure|grep su:
Jun 2 17:27:19 nexthost su: pam_tally(su-l:account): option deny=5 allowed in auth phase only
Jun 2 17:27:19 nexthost su: pam_tally(su-l:account): unknown option: reset
Jun 2 17:27:19 nexthost su: pam_tally(su-l:account): option no_lock_time allowed in auth phase only
Jun 2 17:27:19 nexthost su: pam_unix(su-l:session): session opened for user chkusr by root(uid=2146)
At first I thought the PAM configuration for the login and su auth modules was wrong, but I could not find any problem there.
Then I noticed this in the error line: logname=root uid=20002 euid=20002
uid == euid is obviously wrong.
su depends on running with root privileges first, so that it can read /etc/shadow to verify the password and only then switch to the target user; on a normal system that root privilege comes from the setuid bit on the su binary, which is why euid should be 0 even though uid is the calling user's.
The following change fixed it:
[root@blog-mreald-com ~]# ll /bin/su
-rwxr-xr-x. 1 root root 34904 Nov 22 2013 /bin/su
[root@blog-mreald-com ~]# chmod u+s /bin/su
[root@blog-mreald-com ~]# ll /bin/su
-rwsr-xr-x. 1 root root 34904 Nov 22 2013 /bin/su
If you are unfamiliar with euid, this may help:
http://www.cnblogs.com/kunhu/p/3699883.html
The same applies to passwd, which also needs the setuid bit to update /etc/shadow:
root@blog-mreald-com:~# ll /usr/bin/passwd
-rwsr-xr-x 1 root root 47032 2月 17 2014 /usr/bin/passwd*
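The post makes two checks by hand: looking at the mode string of /bin/su and /usr/bin/passwd for the "s" in the owner-execute slot, and spotting uid == euid in the pam_unix failure lines. The script below is an added example, not code from the original post; it turns both checks into POSIX sh functions and runs them over the log lines quoted above plus the live modes of the two binaries. The function names and the way the sample log is embedded are this example's own choices; nothing here changes any file mode.

```shell
#!/bin/sh
# Added example (not part of the original post): setuid and uid/euid checks
# for su and passwd. Function names are this example's own.

# has_setuid MODE
#   MODE is the first field of `ls -l` output, e.g. "-rwsr-xr-x." (a trailing
#   "." from SELinux is fine). Returns 0 when the owner-execute slot is
#   's' (setuid + exec) or 'S' (setuid without exec), 1 otherwise.
has_setuid() {
    case "$1" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# uid_equals_euid LINE
#   Extracts "uid=N" and "euid=N" from a pam_unix log line and returns 0
#   when both are present and equal. For a setuid-root su, euid is 0 no
#   matter who called it, so equality points at a missing u+s bit.
uid_equals_euid() {
    uid=$(printf '%s\n' "$1"  | sed -n 's/.*[[:space:]]uid=\([0-9][0-9]*\).*/\1/p')
    euid=$(printf '%s\n' "$1" | sed -n 's/.*euid=\([0-9][0-9]*\).*/\1/p')
    [ -n "$uid" ] && [ -n "$euid" ] && [ "$uid" = "$euid" ]
}

# count_uid_euid_failures  (reads log lines on stdin)
#   Prints how many "authentication failure" lines show uid == euid.
count_uid_euid_failures() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            *"authentication failure"*)
                if uid_equals_euid "$line"; then n=$((n + 1)); fi ;;
        esac
    done
    echo "$n"
}

# audit_setuid_binary PATH
#   Reads the live mode of PATH with ls -ld and reports it.
#   Returns 0 if setuid is set, 1 if it is missing, 2 if PATH does not exist.
audit_setuid_binary() {
    [ -e "$1" ] || { echo "$1: not found"; return 2; }
    mode=$(ls -ld "$1" | awk '{print $1}')
    if has_setuid "$mode"; then
        echo "$1: $mode OK (setuid set)"
        return 0
    fi
    echo "$1: $mode MISSING setuid; the post's fix was: chmod u+s $1"
    return 1
}

# Sample log: lines copied from the post (two failures from the broken host,
# one successful session from the working host).
SAMPLE_LOG=$(cat <<'EOF'
Jun 2 17:23:14 blog-mreald-com su: pam_unix(su-l:auth): authentication failure; logname=root uid=20002 euid=20002 tty=pts/8 ruser=mc rhost= user=root
Jun 2 17:28:13 blog-mreald-com su: pam_unix(su-l:auth): authentication failure; logname=root uid=20002 euid=20002 tty=pts/8 ruser=mc rhost= user=chkusr
Jun 2 17:27:19 nexthost su: pam_unix(su-l:session): session opened for user chkusr by root(uid=2146)
EOF
)

echo "auth failures with uid == euid in sample log: $(printf '%s\n' "$SAMPLE_LOG" | count_uid_euid_failures)"

# Live check of the two binaries the post mentions (skipped if absent).
for bin in /bin/su /usr/bin/passwd; do
    audit_setuid_binary "$bin" || true
done
```

Run it with plain `sh`; on the broken host from the post it would report /bin/su as MISSING setuid, and piping `/var/log/secure` into `count_uid_euid_failures` instead of the sample gives the number of su failures that carry the same symptom. Because the check only reads modes and log text, it is safe to run from a monitoring job.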