Local user account unable to "su" to another local user account — Cloud Customer Connect

edited Jun 30, 2022 2:54AM in Linux

Applies To:

Oracle Cloud Infrastructure - Version N/A and later

Linux OS - Version Oracle Linux 5.0 to Oracle Linux 8.3 with Unbreakable Enterprise Kernel [5.4.17] [Release OL5 to OL8U3]

Symptoms:

Local user account unable to "su" to another local user account.

[opc@<SERVER1> ~]$ su <TESTUSER1>
Password:
su: Permission denied

[opc@<SERVER2> ~]$ su <TESTUSER2>
Password:
su: Permission denied

Changes:

None

Cause:

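The file /etc/pam.d/su has an active (uncommented) entry "auth required pam_wheel.so use_uid" in its auth stack. As the comment above that line in the file states, it requires the user running su to be in the "wheel" group.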

[root@localhost ~]# head /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
[root@localhost
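
The check described under Cause can be scripted; the following is an added example, not part of the original article or Oracle's own tooling. The function names, the sample stack file and the group lists are constructed for illustration, and lines using pam_wheel's "deny" option are skipped rather than evaluated.

```shell
#!/bin/sh
# Added example: diagnose the pam_wheel gate in a su PAM stack (hypothetical helper names).

# Print the group enforced by the first active "auth required|requisite pam_wheel.so"
# line. pam_wheel checks "wheel" unless group=NAME is given. Prints nothing if no gate.
wheel_gate_group() {
    awk '
        /^[[:space:]]*#/ { next }              # commented-out entries are inactive
        $1 == "auth" && ($2 == "required" || $2 == "requisite") && $3 ~ /pam_wheel\.so$/ {
            grp = "wheel"
            for (i = 4; i <= NF; i++) {
                if ($i == "deny") next         # inverted check, not evaluated here
                if ($i ~ /^group=/) grp = substr($i, 7)
            }
            print grp
            exit
        }
    ' "$1"
}

# Return 0 if a caller with the space-separated group list $2 passes the pam_wheel
# check in stack file $1, 1 if su would be refused at that line.
# uid 0 never reaches the check: pam_rootok.so is "sufficient" earlier in the stack.
passes_wheel_gate() {
    gate=$(wheel_gate_group "$1")
    [ -z "$gate" ] && return 0
    for g in $2; do
        [ "$g" = "$gate" ] && return 0
    done
    return 1
}

# Constructed sample reproducing the auth lines shown in the article.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#%PAM-1.0
auth            sufficient      pam_rootok.so
#auth           sufficient      pam_wheel.so trust use_uid
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
EOF

# Constructed group lists; on a real host pass "$(id -nG)" and /etc/pam.d/su.
for grouplist in "opc" "opc wheel"; do
    if passes_wheel_gate "$SAMPLE" "$grouplist"; then
        echo "groups [$grouplist]: pam_wheel check passes"
    else
        echo "groups [$grouplist]: su refused, caller not in $(wheel_gate_group "$SAMPLE")"
    fi
done
```

With use_uid, pam_wheel tests the real uid of the process calling su, so the group list to supply is that of the invoking account, not the target account.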
