Thanks for your advice. I will try to use "sudo" for more things and
"sudo -s" only when I need to. It is unfortunate that the problem
will still exist but I am glad there are valid and even suggested
workarounds. I will also try to keep closer tabs on who the
server admins are. I can't quite follow "don't give it to anyone," but I
will try to edit the sudoers file to suit my needs. Thanks for all
your help. I definitely learned a lot more about "sudo" and "su."
Nate Rudd
Technology Coordinator
Christian Academy in Japan
email@hidden

On Aug 22, 2006, at 6:05 PM, Simon Slavin wrote:

> On 22 Aug 2006, at 3:49am, Nate Rudd wrote:
>
> > I can no longer 'su' into the root user on the server or any
> > client using ssh or sitting locally at the machines. Terminal
> > just responds by saying Sorry. When I try it on the server I get
> > the following errors from the system.log:
> >
> > Aug 22 11:21:11 ns su: pam_authenticate: Permission denied
> > Aug 22 11:21:16 ns DirectoryService[55]: Failed Authentication
> > return is being delayed due to over five recent auth failures for
> > username: root.
> >
> > I am not sure why it says I have tried five times when I only
> > tried once from the terminal. Also I can log into the root user
> > graphically no problem (server and clients) and this has helped
> > work around the problem. I have also found that I can gain root
> > access by typing:
> >
> > sudo su root
>
> Argh. That is a horrible combination.
>
> OS X has always worked better with 'sudo' than 'su'. There are
> security issues surrounding both applications, but 'sudo' is better
> designed and more secure in the situations that you would find most
> OS X computers set up for. 'sudoers' does its job properly under
> OS X (or, at least, it did in the last version I examined).
>
> I normally recommend that OS X people never use 'su'. You can use
> 'sudo' for single instructions, 'sudo -s' for entire sessions with
> different privs, and 'sudo -u' for non-root. All three are more
> secure, for a normal setup, than the equivalent 'su' would be.
>
> Certain documentation from Apple's Knowledge Base instructs people
> to use 'su' for specific tasks. I feel that this is not the best
> advice and would like to see it changed.
>
> Sorry, that turned into a rant. Anyway: try using 'sudo' instead
> of 'su' unless it's useless for your task.
>
> Simon
> --
> Simon Slavin Fylde Building Room C11
> Computing Development Officer 01524 65201 x 93569
> Psychology Department
> University of Lancaster