Results 1 to 6 of 6

Thread: su: Authentication service cannot retrieve authentication info

  1. #1

    Default su: Authentication service cannot retrieve authentication info

    Tell me, how can I fix this problem?
    The sudo command works for me, but su doesn't work.

    Code:
    ~> su
    Password:  
    su: Authentication service cannot retrieve authentication info
    

  2. #2
    Join Date
    Sep 2012
    Posts
    8,237

    Default Re: su: Authentication service cannot retrieve authentication info

    This is rather generic error. Compare PAM configuration for sudo and su or post them here (full file content in tags code).

  3. #3

    Default Re: su: Authentication service cannot retrieve authentication info

    The reason for the problem is that the user changed the permissions for /usr/bin:

    Code:
    sudo chown -R $(whoami) /usr/bin
    I was able to solve the problem this way:

    Code:
    sudo chown -R root:root /usr/bin/
    sudo chmod 4755 /usr/bin/su
    sudo chmod 4755 /usr/bin/sudo

    Tell me, are these the correct permissions?
    Sudo and su currently work. Is there any other action to be taken?

  4. #4

    Default Re: su: Authentication service cannot retrieve authentication info

    No. That's it:

    Code:
    chmod u+s -R /usr/bin/su
    chmod u+s -R /usr/bin/sudo
    


  5. #5
    Join Date
    Sep 2012
    Posts
    8,237

    Default Re: su: Authentication service cannot retrieve authentication info

    Quote Originally Posted by aleksejsmir View Post
    The reason for the problem is that the user changed the permissions for /usr/bin:
    Oh, well. I really hate to start with "have you tried to power it off and on again" every time.

    Code:
    sudo chown -R $(whoami) /usr/bin
    This also resets sudo permissions. How comes sudo worked then?

    Code:
    sudo chown -R root:root /usr/bin/
    This is wrong. Some files in /usr/bin belong to different group (and there is no guarantee every file in /usr/bin belongs to user "root" either) and some of those files are also SGID. They remain broken. The generic way is to run "rpm --verify" for all packages that have files in /usr/bin, "rpm --restore" to reset permissions for packages that report different values and finally "chkstat --system" to reapply permissions that deviate from RPM.
    Code:
    sudo chmod 4755 /usr/bin/su
    sudo chmod 4755 /usr/bin/sudo

    Tell me, are these the correct permissions?
    Yes for these two files.
    Is there any other action to be taken?
    See above.
    Quote Originally Posted by aleksejsmir View Post
    No. That's it:

    Code:
    chmod u+s -R /usr/bin/su
    chmod u+s -R /usr/bin/sudo
    

    u+s is bit 4000 that you already set and there is no point in using -R for a single file.

  6. #6

    Default Re: su: Authentication service cannot retrieve authentication info

    Quote Originally Posted by arvidjaar View Post
    ..."rpm --restore" to reset permissions for packages that report different values and finally "chkstat --system" to reapply permissions that deviate from RPM.
    I don't understand why this mistake...?

    Code:
    ~> sudo rpm --restore -a
    sh: line 7: getcap: command not found
    sh: line 17: getcap: command not found
    sh: line 27: getcap: command not found
    sh: line 2: getcap: command not found
    sh: line 7: getcap: command not found
    sh: line 17: getcap: command not found
    Made it this way:

    Code:
    sudo rpm --setugids $(rpm -qf $(find /usr/bin) | sort -u)
    sudo rpm --setperms $(rpm -qf $(find /usr/bin) | sort -u)
    sudo chkstat --system
    What do you think, is it right?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •