Su command error Su: permission denied [How to Solve]

The Su command reports an error Su: permission denied , whether it is an Su ordinary user or root , this error will be reported. It can be determined that the password is correct, because SSH can log in normally, and root User Su other users are normal.

[user01@my-linux ~]$ su -
su: Permission denied

Compared with normal hosts, Su commands have normal permissions and s permissions.

[user01@my-linux ~]$ ll /usr/bin/su
-rwsr-xr-x 1 root root 32128 Oct 1 2020 /usr/bin/su

In fact, the first thing you should think of when you eliminate the problems of password error, password expiration and user locking is the PAM module. PAM (pluggable authentication modules) is responsible for the login authentication of many applications in the system, including sshd , vsftpd , Su , etc. For example, SSH login authentication configuration file is /etc/PAM. D/sshd users can configure corresponding authentication rules as needed. You can also configure PAM authentication for your other applications.

View PAM authentication configuration for Su

[root@my-linux ~]# cd /etc/pam.d
[root@my-linux pam.d]# cat su
auth            sufficient

# Uncomment the following line to implicitly trust users in the "wheel" group.

auth            sufficient trust use_uid

# Uncomment the following line to require a user to be in the "wheel" group.

auth           required use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional


Su’s PAM configuration file contains auth required PAM_ use_ Uid according to the instructions in the previous sentence, to use the Su command, the user must be in the wheel user group, while my ordinary user is not in the wheel user group. There are two ways to solve this problem. One is to comment the line, and the other is to add ordinary users to the wheel group.

Similar Posts: