RHEL users get error "could not open session" when trying to su


Environment

  • Red Hat Enterprise Linux (RHEL) - multiple versions

Issue

I have several RHEL boxes that are posting the following error when the users try to su or sudo to another UID.

I can ssh into the box without any problem as root or as my regular user, but when I try to su or sudo to another UID we get the error.

[root]# su - testuser
could not open session

There is nothing in the logs that indicates why this is happening. I've rebooted the box and performed an fsck on the partitions to verify that they are all good.

Resolution

Permissions on /etc/pam.d/system-auth were incorrect.

The default permissions are:

lrwxrwxrwx. 1 root root 14 Aug 23  2012 /etc/pam.d/system-auth -> system-auth-ac

Diagnostic Steps

We ran an strace on su and noticed the following:

open("/etc/pam.d/system-auth", O_RDONLY) = -1 EACCES (Permission denied)

We then changed the permissions on the file and now it works correctly.
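
The listing under Resolution shows only the symlink's own mode, which is always lrwxrwxrwx, so the mode that matters is that of the target it resolves to. The following shell function is an added example, not part of the original article: it resolves every entry in a PAM configuration directory and reports targets with unexpected mode bits. It assumes GNU coreutils (stat -c, readlink -f) and a baseline in which PAM files are world-readable and not group- or world-writable; the name audit_pam_perms is hypothetical.

```shell
#!/bin/sh
# Added example: report PAM config entries whose resolved target has
# unexpected permissions. Assumes GNU stat and readlink -f.
# Usage: audit_pam_perms            (defaults to /etc/pam.d)
#        audit_pam_perms /some/dir

audit_pam_perms() {
    dir=${1:-/etc/pam.d}
    for entry in "$dir"/*; do
        # Skip the literal pattern when the directory is empty or missing.
        [ -e "$entry" ] || [ -L "$entry" ] || continue

        # Follow symlinks such as system-auth -> system-auth-ac.
        target=$(readlink -f "$entry") || target=
        if [ ! -e "$target" ]; then
            echo "DANGLING $entry"
            continue
        fi

        mode=$(stat -c '%a' "$target")   # octal mode, e.g. 644
        owner=$(stat -c '%U' "$target")

        if [ $(( 0$mode & 4 )) -eq 0 ]; then
            # No read bit for "other": a non-root open() fails with EACCES.
            echo "UNREADABLE $entry -> $target mode=$mode owner=$owner"
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then
            # Assumed baseline: group/other must not be able to edit PAM config.
            echo "WRITABLE $entry -> $target mode=$mode owner=$owner"
        fi
    done
}
```

An entry reported as UNREADABLE corresponds to the EACCES seen in the strace output; compare the reported mode and owner with a known-good host of the same RHEL version before changing anything.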

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
