Answer the question
In order to leave comments, you need to log in
Why did the su command stop working in Debian 8?
Greetings.
Actually, at some point in time, the su command stopped working. When you try to call it, the message "su: Access denied" appears, it does not even ask for a password.
I tried to call on everyone: and, "su username", and "su", and "su root", and from the root, and from a regular user. Everywhere is the same.
An internet search yields a bunch of references to "su vs sudo" holiwars and a suggestion to check the uid bit for /bin/su (ok, 4755). /etc/pam.d/su seems to be fine too.
Tell me what to do, where to dig?
Thank you.
Answer the question
In order to leave comments, you need to log in
If the SUID-bit is OK, dig the PAM settings for each module separately. For most, you can enable debug in the options and get debug output. See man pam_modulename for details.
It can be, for example, checking the shell, then make sure that the user's shell is correct, starts and is listed in /etc/shells. Make sure that the user is correctly registered in /etc/passwd and /etc/shadow, and is in the correct groups. Make sure the pam modules themselves are there. Run su with strace and see where it stops.
If there are backups, compare the md5 binary of su and rights. And yes, strace.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question