su: Permission denied despite correct password
You have to add your user to the wheel
group:
gpasswd -a youruser wheel
Alternatively, you can disable the group membership check for su
in pam
by editing
/etc/pam.d/su
and commenting out this line:
auth required pam_wheel.so use_uid
It requires users to be in the wheel
group to be able to switch user.
User switching as non-root works again when this pam
module is disabled for su
.
There could be many problems. Check some of these items, using the hypothetical user, erik:
- Is erik a member of the wheel group (
groups
)? - Are you providing the root password? (And not the password for erik)
- Does
/bin/su
have these privileges:rwsr-xr-x
(Is it setuid root?ls -l /bin/su
) - Can you log in as root via the console?
- Have you looked at the logs for a clue in an error message?
- Have you turned on grsecurity in the kernel?
- Did it ever work? If so, when did it break?
- What happens if erik does a
sudo su -
?
There could be many reasons. It's very likely that the reason appears in the system logs. Look in /var/log
for files that got modified at the time of an su
attempt (the file name depends on your syslog configuration). If you have trouble interpreting log entries, copy-paste them into your question.