Subject: Re: can't su
To: Spark Stuff <netbsd@zapcom.net>
From: Jeremy Cooper <jeremy@broder.com>
List: port-sparc
Date: 01/08/1997 13:54:12
On Wed, 8 Jan 1997, Spark Stuff wrote:
> Sorry if I'm asking too many questions....but I have finnaly figured out
> adding users and have now added ttyp0 as a secure port, but when I try to
> do "su" or "su -" , it then askes for the password and I type in the
> password for root and it then tells me BAD su for ROOT...what am I doing
> wrong, is there a file I need to configure first?
First off, I think you should understand what 'secure' in this
context means. The 'secure' tag on a tty indicates that root may LOGIN
directly on that tty. The only programs that will enforce this
restriction are /usr/libexec/getty and /usr/libexec/in.telnetd. Once you
have logged into a terminal, these restrictions no longer apply.
'su' is a program that you execute once you have already logged in, and
thus is not affected by the 'secure' tag on the tty. You can su on any
tty as long as two conditions are followed:
1. You are in the wheel group.
2. You know root's password.
The problem you are now facing has to do with one of the above rules.
Check to make sure that you are in the wheel group (group 0), and that you
know root's password. You can check what groups of which you are a member
by issuing the 'id' command. Here's an example output:
uid=2000(jeremy) gid=0(wheel) groups=0(wheel), 5(operator)
If 'wheel' appears in your gid OR in your groups, you are considered a
member of the wheel group.
-J