Bug 176033 - su fails
Product: Fedora
Classification: Fedora
Component: selinux-policy
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Reported: 2005-12-17 17:50 EST by David Woodhouse
Modified: 2007-11-30 17:11 EST
Fixed In Version: current
Doc Type: Bug Fix
Last Closed: 2007-03-15 23:35:20 EDT

Attachments
strace (79.78 KB, text/plain)
2005-12-19 20:17 EST, David Woodhouse
Description David Woodhouse 2005-12-17 17:50:40 EST
On a fresh rawhide install with selinux disabled, su fails, reporting (falsely)
'incorrect password'.

Dec 17 17:32:15 pmac su: pam_unix(su:auth): authentication failure;
logname=dwmw2 uid=500 euid=0 tty=tty1 ruser=dwmw2 rhost=  user=root

'ssh root@localhost' works fine.
Comment 1 Tim Waugh 2005-12-18 05:29:18 EST
What version of coreutils, and of pam?
Comment 2 David Woodhouse 2005-12-18 08:28:42 EST
20051217 rawhide:
Comment 3 Tim Waugh 2005-12-19 04:27:48 EST
Seems to be a pam issue, according to one of the fedora mailing lists.
Comment 4 Tomas Mraz 2005-12-19 04:47:07 EST
Can you please attach a strace of it? It should be good enough to attach to the
su process when it is asking for a password. (Of course change the password
before that so it isn't valuable.)
Comment 5 Tomas Mraz 2005-12-19 05:07:19 EST
I cannot reproduce this issue on rawhide i386 with coreutils-5.93-4.1 and
pam- with SELinux disabled. So it might even be a ppc only problem.
Comment 6 David Woodhouse 2005-12-19 19:38:11 EST
I can't reproduce it any more either. There exists a possibility that I just
mistyped the password _repeatedly_ and then happened to get it right the first
time I tried to 'ssh root@localhost' instead. Or maybe there was something wrong
with the system date, which has been known to make PAM unhappy. Either way, I
think we can close this. Apologies for the noise.
Comment 7 David Woodhouse 2005-12-19 20:16:42 EST
I lie. It happens again on a clean install, although this time I'm inclined to
blame selinux and I'm fairly sure I'd booted with 'selinux=0' last time, because
I didn't think the system would boot at all without it.
Comment 8 David Woodhouse 2005-12-19 20:17:33 EST
Created attachment 122431
Comment 9 Tomas Mraz 2005-12-20 02:58:26 EST
Yep, this is selinux preventing pam_unix from reading /etc/shadow (which is right),
but then it prevents it from running /sbin/unix_chkpwd (which should be allowed).
Comment 10 Daniel Walsh 2005-12-20 09:18:35 EST
This is a known problem in labeling the homedirs in the install.

restorecon -R -v /root /home

Should clean it up.  Hopefully tonight's rawhide will fix the problem.
Comment 11 Daniel Walsh 2006-01-02 12:12:46 EST
Fixed in selinux-policy-2.1.6-19

Also coreutils is changed to not use selinux for su any longer.
Comment 12 Daniel Walsh 2007-03-15 23:35:20 EDT
Closing several old modified bugs
