su produces a "su: incorrect password' error with valid password

Solution Verified - Updated -

Issue

  • Local users can no longer use 'su' command to get root rights.
  • Users cannot escalate to root user using su using valid password.
  • It is possible to login as root user directly but not possible to escalate to root using su.
  • Users cannot use su - command to switch user getting "su: Authentication failure".
Aug 11 17:01:49 testserver unix_chkpwd[1234]: check pass; user unknown
Aug 11 17:01:49 testserver unix_chkpwd[1234]: password check failed for user (testuser)
Aug 11 17:01:49 testserver su: pam_unix(su-l:auth): authentication failure; logname=redhat uid=40110 euid=40110 tty=pts/1 ruser=redhat rhost=  user=testuser
  • Only this generic message is generated in logs which is the same as supplying the wrong password:

    Dec 14 16:49:57 testserver su(pam_unix)[23992]: authentication failure; logname=test uid=500 euid=500 tty=pts/2 ruser=test rhost=  user=root
    
  • Only this generic message is generated in logs which is the same as supplying the wrong password

  • Being root you can use su to switch to another user, but regular users are not able to run su

    • RHEL7/8/9:

      [user@localhost ~]$ su
      Password:
      su: Authentication failure
      
      [user@localhost ~]$ su user2
      Password:
      su: Authentication failure
      
    • RHEL4/5/6:

      [user@localhost ~]$ su
      Password:
      su:  incorrect password
      
      [user@localhost ~]$ su user2
      Password:
      su:  incorrect password
      

Environment

  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • pam
  • su

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content