Discussion:
su on 3.8 soekris
Andreas Mürdter
2005-11-09 14:40:04 UTC
Permalink
Hi,

I installed openbsd 3.8 on a soekris box 4801 with flashdist-20050612.
i added the user admin and added user admin to the group wheel.

/etc/group
---snip---
wheel:*:0:root,admin
---snip---

when i type in "su" as admin i get an error in authlog
---snip---
Nov 9 13:37:39 sample su: BAD SU admin to root
---snip---

The password is 100% correct!

When I delete all users in group wheel
---snip---
wheel:*:0:
---snip---
su failed with the same message.

with OpenBSD 3.7 it works fine.
su with a "normal" installation works, too.
I think I miss some files which is new in 3.8

THX for your help
Andreas
Bob Beck
2005-11-09 16:06:44 UTC
Permalink
Post by Andreas Mürdter
/etc/group
---snip---
wheel:*:0:root,admin
---snip---
when i type in "su" as admin i get an error in authlog
---snip---
Nov 9 13:37:39 sample su: BAD SU admin to root
---snip---
The password is 100% correct!
I think you're missing something here.

after making /etc/group have those entries in it, did you
log out of "admin" and log back in?

i.e. show us the shell output of something like this, as user admin:

$ groups
beck wheel
$ su
Password:
#

The "groups" command tells you what groups the session knows
you belong to, not the contents of the /etc/group file, which says
what will happen the next session you start.

-Bob
Andreas Mürdter
2005-11-10 08:05:52 UTC
Permalink
command groups does not exist on the soekris-box. but id.....
this is the output after reboot.

---snip---
$ id admin
uid=1000(admin) gid=10(users) groups=10(users), 0(wheel)

$ su
Password:
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
Sorry
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
$
---snip---

-Andreas
Post by Bob Beck
Post by Andreas Mürdter
/etc/group
---snip---
wheel:*:0:root,admin
---snip---
when i type in "su" as admin i get an error in authlog
---snip---
Nov 9 13:37:39 sample su: BAD SU admin to root
---snip---
The password is 100% correct!
I think you're missing something here.
after making /etc/group have those entries in it, did you
log out of "admin" and log back in?
$ groups
beck wheel
$ su
#
The "groups" command tells you what groups the session knows
you belong to, not the contents of the /etc/group file, which says
what will happen the next session you start.
-Bob
--
Mit freundlichen Gr|_en
Best regards

Andreas M|rdter

DO NOT GIVE OUR ADDRESS TO THIRD PARTYS, WE HATE JUNK-MAIL
___________________________________________________________________
TBits.net GmbH | Telefon: +49 (0)7172 18391-0
Andreas M|rdter | Telefax: +49 (0)7172 18391-99
Seeweg 6 | Service: +49 (0)700 TBITSNET
D-73553 Alfdorf |
http://www.tbits.net | eMail: ***@tbits.net
Guido Tschakert
2005-11-10 09:04:54 UTC
Permalink
Post by Andreas Mürdter
command groups does not exist on the soekris-box. but id.....
this is the output after reboot.
---snip---
$ id admin
uid=1000(admin) gid=10(users) groups=10(users), 0(wheel)
$ su
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
Sorry
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
$
---snip---
-Andreas
Which password do you use?
The password of admin or the password of root?

Using su you need the password of root.
Using sudo su (if you use sudo) you need the password of admin.

guido
Andreas Mürdter
2005-11-10 10:22:21 UTC
Permalink
I use the root password.
This password is correct.


I think, I miss anything file or lib.

output groups:
---snip---
# groups admin
users wheel

---snip---

Andreas
Post by Guido Tschakert
Post by Andreas Mürdter
command groups does not exist on the soekris-box. but id.....
this is the output after reboot.
---snip---
$ id admin
uid=1000(admin) gid=10(users) groups=10(users), 0(wheel)
$ su
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
Sorry
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
$
---snip---
-Andreas
Which password do you use?
The password of admin or the password of root?
Using su you need the password of root.
Using sudo su (if you use sudo) you need the password of admin.
guido
Joachim Schipper
2005-11-10 13:19:25 UTC
Permalink
Post by Andreas Mürdter
I use the root password.
This password is correct.
I think, I miss anything file or lib.
---snip---
# groups admin
users wheel
---snip---
Andreas
Post by Guido Tschakert
Post by Andreas Mürdter
command groups does not exist on the soekris-box. but id.....
this is the output after reboot.
---snip---
$ id admin
uid=1000(admin) gid=10(users) groups=10(users), 0(wheel)
$ su
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
Sorry
Nov 9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
$
---snip---
-Andreas
Which password do you use?
The password of admin or the password of root?
Using su you need the password of root.
Using sudo su (if you use sudo) you need the password of admin.
guido
Is /dev/tty00 marked as 'secure' in /dev/ttys?

Are you really, really sure you use the correct password? Can you login
as root using this password? From the same keyboard, etc? If you type
the password where you can see it (make sure it doesn't get stored
anywhere!), does it match what you want to type?

Failing that, you can always try debugging with ktrace(1)...

Joachim
Andreas Mürdter
2005-11-10 17:19:04 UTC
Permalink
Post by Joachim Schipper
Is /dev/tty00 marked as 'secure' in /dev/ttys?
ttys
---snip---
tty00 "/usr/libexec/getty std.19200" vt100 on secure
---snip---

Passwort ist 100% correct!!

Andreas
Post by Joachim Schipper
Are you really, really sure you use the correct password? Can you login
as root using this password? From the same keyboard, etc? If you type
the password where you can see it (make sure it doesn't get stored
anywhere!), does it match what you want to type?
Failing that, you can always try debugging with ktrace(1)...
Joachim
--
Mit freundlichen Gr|_en
Best regards

Andreas M|rdter

DO NOT GIVE OUR ADDRESS TO THIRD PARTYS, WE HATE JUNK-MAIL
___________________________________________________________________
TBits.net GmbH | Telefon: +49 (0)7172 18391-0
Andreas M|rdter | Telefax: +49 (0)7172 18391-99
Seeweg 6 | Service: +49 (0)700 TBITSNET
D-73553 Alfdorf |
http://www.tbits.net | eMail: ***@tbits.net
Joachim Schipper
2005-11-11 15:37:50 UTC
Permalink
Post by Andreas Mürdter
Post by Joachim Schipper
Is /dev/tty00 marked as 'secure' in /dev/ttys?
ttys
---snip---
tty00 "/usr/libexec/getty std.19200" vt100 on secure
---snip---
Passwort ist 100% correct!!
Andreas
Post by Joachim Schipper
Are you really, really sure you use the correct password? Can you login
as root using this password? From the same keyboard, etc? If you type
the password where you can see it (make sure it doesn't get stored
anywhere!), does it match what you want to type?
Failing that, you can always try debugging with ktrace(1)...
Joachim
Looks good.

I must admit I'm a bit stumped.

First, re-install the system. Untar everything you have installed, with
the exception of etcXY.tgz, in the root.

If that doesn't work, inspect /etc/passwd manually (for instance, with
vipw). Do the same for the other passwd-type files. Run

$ sudo pwd_mkdb -c /etc/master.passwd
$ sudo pwd_mkdb -c /etc/master.passwd

Additionally, try to su and sudo to another account - create one, if
necessary. Report back on your findings.

Post /etc/passwd, /etc/login.conf and /etc/sudoers.

If it still doesn't work, try

$ sudo passwd root
Password:
Changing local password for root.
New password:
Retype new password:
$ su
Password:
Sorry
$ ktrace su
Password:
Sorry
$ kdump | mail -s 'Re: su on 3.8 soekris' ***@openbsd.org

At least it'll show you if some file cannot be read, or somesuch. Please
note that the above will send the password in question to the mailing
list.

Good luck. I must admit I'm stumped, though I'm too new to OpenBSD to
know all the gotchas...

Joachim
Mike Hernandez
2005-11-11 15:04:43 UTC
Permalink
Post by Joachim Schipper
Additionally, try to su and sudo to another account - create one, if
necessary. Report back on your findings.
I missed the beginning of this thread (fingers get happy on the d key some mornings;))
but you may want to add a new user in the staff login class and the wheel group and
try to su with that account?

Mike H

Loading...