Deadog n00b
Joined: 16 Jan 2005 Posts: 25 Location: Angers | ESEO
|
Posted: Sun Jan 16, 2005 6:07 pm Post subject: [Permissions] Permission problem with su and mount (solved) |
|
|
Hi
I have permission problems with my normal users with the su and mount commands
with "su -" it refuses to let me become root ("Authentification Failure")
and mount refuses to let users mount any volume at all
so, to head off the noob-detection questions right away:
* yes, my users are in the wheel group
* yes, the volumes I want to mount do have the user or users option (either one, neither works)
here is my /etc/pam.d/su:
Code: | #%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient /lib/security/pam_wheel.so use_uid trust
# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient /lib/security/pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_env.so
session optional /lib/security/pam_xauth.so |
(I should add that I already tried the /etc/security/suauth.allow file, with no more success)
and an example line from my fstab for which mount is refused:
Quote: | /dev/cdrom /mnt/graveur iso9660 ro,nosuid,auto,noexec,users 0 0 |
and my /etc/group
Code: | root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root,lexa
floppy:x:11:root,lexa
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:man
cron:x:16:cron
console:x:17:
audio:x:18:lexa
cdrom:x:19:lexa
dialout:x:20:root
ftp:x:21:
sshd:x:22:
at:x:25:at
tape:x:26:root
video:x:27:root,lexa
squid:x:31:squid
gdm:x:32:gdm
xfs:x:33:xfs
games:x:35:lexa
named:x:40:named
mysql:x:60:
postgres:x:70:
cdrw:x:80:
apache:x:81:
nut:x:84:
usb:x:85:lexa
vpopmail:x:89:
users:x:100:games,lexa
nofiles:x:200:
qmail:x:201:
postfix:x:207:
postdrop:x:208:
smmsp:x:209:smmsp
slocate:x:245:
portage:x:250:portage,lexa
utmp:x:406:
nogroup:x:65533:
nobody:x:65534:
rpc:x:111:
messagebus:x:407:
haldaemon:x:408:
|
it already did the same thing on my previous Gentoo
and this whole business is really getting on my nerves
Last edited by Deadog on Sun Jan 16, 2005 9:12 pm; edited 1 time in total |
|
|
|
kernelsensei Bodhisattva
Joined: 22 Feb 2004 Posts: 5619 Location: Woustviller/Moselle/FRANCE (49.07°N;7.02°E)
|
Posted: Sun Jan 16, 2005 6:44 pm Post subject: |
|
|
strange indeed!
otherwise, for your fstab line, no need for noexec, it is included in users!
have you already looked at your logs before and after a su attempt?
_________________
$ ruby -e'puts " .:@BFegiklnorst".unpack("x4ax7aaX6ax5aX15ax4aax6aaX7ax2aX5aX8 \
axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4ax3aX4aXaX12ax10aaX7a").join' |
|
|
|
Deadog n00b
Joined: 16 Jan 2005 Posts: 25 Location: Angers | ESEO
|
Posted: Sun Jan 16, 2005 6:56 pm Post subject: |
|
|
there's nothing |
|
|
|
Darkael Veteran
Joined: 10 Aug 2004 Posts: 1321 Location: France
|
Posted: Sun Jan 16, 2005 7:02 pm Post subject: |
|
|
what does this give:
|
|
|
|
kernelsensei Bodhisattva
Joined: 22 Feb 2004 Posts: 5619 Location: Woustviller/Moselle/FRANCE (49.07°N;7.02°E)
|
Posted: Sun Jan 16, 2005 7:02 pm Post subject: |
|
|
that's not normal, it should at least complain that there was a failed su! |
|
|
|
kernelsensei Bodhisattva
Joined: 22 Feb 2004 Posts: 5619 Location: Woustviller/Moselle/FRANCE (49.07°N;7.02°E)
|
Posted: Sun Jan 16, 2005 7:06 pm Post subject: |
|
|
KarnEvil wrote: | what does this give:
|
cute screenshot of yours
I like the mplayer video ... AzumangaDaiOh, and Osaka is in it too ... I think she's the craziest of the lot |
|
|
|
Darkael Veteran
Joined: 10 Aug 2004 Posts: 1321 Location: France
|
Posted: Sun Jan 16, 2005 7:20 pm Post subject: |
|
|
kernel_sensei wrote: |
cute screenshot of yours
I like the mplayer video ... AzumangaDaiOh, and Osaka is in it too ... I think she's the craziest of the lot |
yep, azumanga daioh is really great
For Deadog, normally you should get:
Code: |
#ll /bin/su
-rwsr-xr-x 1 root root 25K nov 27 20:24 /bin/su*
|
If you don't have that, try:
Code: |
# chmod 4755 /bin/su
|
maybe that will solve your problem |
|
|
|
Deadog n00b
Joined: 16 Jan 2005 Posts: 25 Location: Angers | ESEO
|
Posted: Sun Jan 16, 2005 7:21 pm Post subject: |
|
|
KarnEvil wrote: | what does this give:
|
Code: | lexa@dekarion ~ $ ls -l /bin/su
-rws--x--x 1 root root 26360 jan 13 22:56 /bin/su
|
and the same for mount |
|
|
|
Deadog n00b
Joined: 16 Jan 2005 Posts: 25 Location: Angers | ESEO
|
Posted: Sun Jan 16, 2005 7:23 pm Post subject: |
|
|
KarnEvil wrote: | kernel_sensei wrote: |
cute screenshot of yours
I like the mplayer video ... AzumangaDaiOh, and Osaka is in it too ... I think she's the craziest of the lot |
yep, azumanga daioh is really great
For Deadog, normally you should get:
Code: |
#ll /bin/su
-rwsr-xr-x 1 root root 25K nov 27 20:24 /bin/su*
|
If you don't have that, try:
Code: |
# chmod 4755 /bin/su
|
maybe that will solve your problem |
no effect |
|
|
|
Darkael Veteran
Joined: 10 Aug 2004 Posts: 1321 Location: France
|
Posted: Sun Jan 16, 2005 7:37 pm Post subject: |
|
|
Deadog wrote: |
no effect |
OK, could you post the line of your fstab for / ? Or your whole fstab, while we're at it...
Actually, just yesterday I saw a thread that collected the solutions to su problems of this kind, but I can't find it anymore. |
|
|
|
Deadog n00b
Joined: 16 Jan 2005 Posts: 25 Location: Angers | ESEO
|
Posted: Sun Jan 16, 2005 7:46 pm Post subject: |
|
|
Code: | # This file is edited by fstab-sync - see 'man fstab-sync' for details
# /etc/fstab: static file system information.
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/fstab,v 1.14 2003/10/13 20:03:38 azarah Exp $
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed; notail increases performance of ReiserFS (at the expense of storage
# efficiency). It's safe to drop the noatime options if you want and to
# switch between notail and tail freely.
# <fs> <mountpoint> <type> <opts> <dump/pass>
### 30 GB disk
#
/dev/hdd1 /mnt/new_place3 reiserfs defaults,noatime,nosuid,noexec,nodev 0 2
/dev/hdd2 none swap sw 0 0
/dev/hdd3 /mnt/new_place2 reiserfs defaults,noatime,nosuid,nodev,user 0 2
/dev/hdd5 /mnt/win_share vfat defaults,user,noatime,nosuid,noexec,nodev 0 0
/dev/hdd6 /home reiserfs defaults,noatime,nosuid,nodev,noexec 0 2
/dev/hdd7 /mnt/new_place1 reiserfs defaults,noatime,nosuid,nodev,user 0 2
/dev/hdd8 /mnt/gentoo1 reiserfs defaults,noatime 0 1
#
### 20 GB disk
#
#/dev/hda1 /mnt/win2k ntfs noexec,nodev,nosuid,ro,user,umask=1000 0 0
#
### pwet01 logical volumes
#
/dev/pwet01/root01 / reiser4 defaults,noatime,nosuid,nodev 0 2
/dev/pwet01/opt01 /opt reiser4 defaults,noatime,nosuid,nodev 0 2
#
### 160 GB disk
#
/dev/hdb1 /mnt/old_root reiserfs defaults,noatime,nosuid,nodev 0 2
/dev/hdb2 /mnt/old_opt reiserfs defaults,noatime,nodev 0 2
/dev/hdb3 /mnt/suse reiserfs defaults,noatime,nodev 0 2
/dev/hdb5 /mnt/win_share2 ntfs noexec,nodev,nosuid,ro,user,umask=1000 0 0
/dev/hdb6 /mnt/suse2 reiserfs defaults,noatime,nodev 0 2
#
### Peripherals
#
/dev/fd0 /mnt/floppy vfat rw,nosuid,noexec,user,noauto 0 0
/dev/sda1 /mnt/jukebox vfat nodev,users,noauto,rw,umask=000 1 0
/dev/cdrom /mnt/graveur iso9660 ro,nosuid,auto,noexec,users 0 0
#/dev/hdc /mnt/graveur auto ro,noauto,user,noexec,nosuid 0 0
/dev/dvd /mnt/dvd auto ro,nosuid,noauto,noexec,user,nodev 0 0
#/dev/hdd /mnt/dvd auto ro,noauto,user,noexec,nosuid 0 0
#
### Virtual
#
#devpts /dev/pts devpts gid=4,mode=620 0 0
none /proc proc defaults 0 0
usbfs /proc/bus/usb usbfs defaults 0 0
none /dev/shm tmpfs defaults 0 0
# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink).
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
# use almost no memory if not populated with files)
# Adding the following line to /etc/fstab should take care of this:
none /dev/shm tmpfs defaults 0 0
# End of /etc/fstab
|
|
|
|
|
Darkael Veteran
Joined: 10 Aug 2004 Posts: 1321 Location: France
|
Posted: Sun Jan 16, 2005 8:04 pm Post subject: |
|
|
Deadog wrote: | Code: |
/dev/pwet01/root01 / reiser4 defaults,noatime,nosuid,nodev 0 2 |
|
Without wanting to jump to conclusions, I'd say the nosuid is one too many here, since su needs the setuid bit in order to run. |
|
|
|
Deadog n00b
Joined: 16 Jan 2005 Posts: 25 Location: Angers | ESEO
|
Posted: Sun Jan 16, 2005 9:12 pm Post subject: |
|
|
it works
thanks
it's odd, I had never noticed those options, even though I have reworked the fstab often ... |
|
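Added example, not part of the thread: the diagnosis reached above (a setuid binary such as /bin/su or /bin/mount loses its privilege when the filesystem holding it is mounted nosuid) can be checked mechanically. This Python code parses fstab-format text and reports whether a path sits on a nosuid mount; the function names are made up for this example, and the sample text is constructed from lines of the fstab posted above.

```python
import os

# Constructed sample: lines copied from the fstab posted in the thread.
SAMPLE_FSTAB = """\
# <fs> <mountpoint> <type> <opts> <dump/pass>
/dev/pwet01/root01 / reiser4 defaults,noatime,nosuid,nodev 0 2
/dev/hdb2 /mnt/old_opt reiserfs defaults,noatime,nodev 0 2
/dev/cdrom /mnt/graveur iso9660 ro,nosuid,auto,noexec,users 0 0
/dev/hdd2 none swap sw 0 0
"""

def parse_mounts(text):
    """Map mount point -> ordered option list (fstab or /proc/mounts text)."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip comments, short lines and entries without a path (swap: "none").
        if len(fields) >= 4 and not fields[0].startswith("#") and fields[1].startswith("/"):
            mounts[os.path.normpath(fields[1])] = fields[3].split(",")
    return mounts

def nosuid_in_effect(options):
    """Apply options left to right; user/users/owner/group imply nosuid
    unless a later 'suid' overrides it (see mount(8))."""
    nosuid = False
    for opt in options:
        if opt in ("nosuid", "user", "users", "owner", "group"):
            nosuid = True
        elif opt == "suid":
            nosuid = False
    return nosuid

def covering_mount(path, mounts):
    """Longest mount point that is a path prefix of `path`, or None."""
    path = os.path.normpath(path)
    hits = [mp for mp in mounts
            if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else None

def setuid_ignored(path, mounts):
    """True when `path` sits on a nosuid mount, so its setuid bit has no effect."""
    mp = covering_mount(path, mounts)
    return mp is not None and nosuid_in_effect(mounts[mp])

if __name__ == "__main__":
    mounts = parse_mounts(SAMPLE_FSTAB)
    for binary in ("/bin/su", "/bin/mount", "/mnt/old_opt/bin/su"):
        state = "ignored" if setuid_ignored(binary, mounts) else "honoured"
        print(binary, "on", covering_mount(binary, mounts), "-> setuid", state)
```

Feeding it the contents of /proc/mounts instead of /etc/fstab checks the options currently in effect rather than the configured ones.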