su command error "su: Permission denied" [How to Solve]

The su command fails with su: Permission denied, whether the target is an ordinary user or root. The password is known to be correct, because SSH login with it works normally, and root can su to other users without problems.

[user01@my-linux ~]$ su -
Password: 
su: Permission denied

Compared with a host where su works, the su binary has the same, normal permissions, including the setuid (s) bit.

[user01@my-linux ~]$ ll /usr/bin/su
-rwsr-xr-x 1 root root 32128 Oct 1 2020 /usr/bin/su

Once a wrong password, an expired password and a locked account have been ruled out, the first thing to think of is PAM. PAM (Pluggable Authentication Modules) handles login authentication for many applications on the system, including sshd, vsftpd, su, etc. For example, the authentication configuration file for SSH login is /etc/pam.d/sshd, and users can configure authentication rules there as needed. You can also configure PAM authentication for your other applications.

View the PAM authentication configuration for su:

[root@my-linux ~]# cd /etc/pam.d
[root@my-linux pam.d]# cat su
#%PAM-1.0
auth            sufficient      pam_rootok.so

# Uncomment the following line to implicitly trust users in the "wheel" group.

auth            sufficient      pam_wheel.so trust use_uid

# Uncomment the following line to require a user to be in the "wheel" group.

auth           required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

Solution:

The PAM configuration file for su contains the line auth required pam_wheel.so use_uid. According to the comment above that line, a user must be in the wheel group to use the su command, and my ordinary user is not in the wheel group. There are two ways to solve this problem: one is to comment out the line, and the other is to add the ordinary user to the wheel group.
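
The diagnosis above as a script, added here as an example and not part of the original post: it reads a PAM su configuration and reports whether a user with a given group list is blocked by a required pam_wheel.so rule, or would be let through without a password by a pam_wheel.so trust rule. The function names and the sample file are constructed for illustration; the sample reproduces the auth lines of the /etc/pam.d/su shown above.

```sh
# Added example (not from the original post). Handles plain control keywords only;
# bracketed controls, pam_wheel's "deny" option and a root caller are not modelled.

# Print "<control> <group> <trust|notrust>" for each active auth pam_wheel rule.
pam_wheel_rules() {
    awk '
        /^[ \t]*#/ { next }                  # comments, including #%PAM-1.0
        { type = $1; sub(/^-/, "", type) }   # a leading "-" marks an optional module
        type == "auth" && $3 ~ /(^|\/)pam_wheel\.so$/ {
            group = "wheel"; trust = "notrust"
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^group=/) group = substr($i, 7)
                if ($i == "trust") trust = "trust"
            }
            print $2, group, trust
        }' "$1"
}

# su_verdict FILE "GROUP LIST": prints blocked, allowed-no-password, or allowed.
su_verdict() {
    rules=$(pam_wheel_rules "$1")
    while read -r control group trust; do
        [ -n "$control" ] || continue
        case " $2 " in *" $group "*) member=yes ;; *) member=no ;; esac
        case "$control:$trust:$member" in
            sufficient:trust:yes) echo allowed-no-password; return 0 ;;
            required:*:no|requisite:*:no) echo blocked; return 0 ;;
        esac
    done <<EOF
$rules
EOF
    echo allowed    # pam_wheel does not decide; the password check still applies
}

# Constructed sample: the auth section of the /etc/pam.d/su shown above.
sample_su_config() {
    cat <<'EOF'
#%PAM-1.0
auth            sufficient      pam_rootok.so
auth            sufficient      pam_wheel.so trust use_uid
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
EOF
}

cfg=$(mktemp) && sample_su_config > "$cfg"
echo "user01 (not in wheel): $(su_verdict "$cfg" "user01")"
echo "user01 (in wheel):     $(su_verdict "$cfg" "user01 wheel")"
rm -f "$cfg"
```

On a real host, call it as su_verdict /etc/pam.d/su "$(id -nG user01)". With the configuration shown, a wheel member gets allowed-no-password because the trust line is also active.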
