1

I have Ubuntu 14.04 server on which I can't use anything that relies on su. This manifests in inability to restart services or even switch users.

root@ci-web1:~# su - mxx
su: Authentication failure

My /var/log/auth.log shows:

Oct 10 11:14:15 ci-web1 su[19709]: PAM unable to dlopen(pam_rootok.so): /lib/security/pam_rootok.so: cannot open shared object file: No such file or directory
Oct 10 11:14:15 ci-web1 su[19709]: PAM adding faulty module: pam_rootok.so
Oct 10 11:14:15 ci-web1 su[19709]: PAM unable to dlopen(pam_unix.so): /lib/security/pam_unix.so: cannot open shared object file: No such file or directory
Oct 10 11:14:15 ci-web1 su[19709]: PAM adding faulty module: pam_unix.so
Oct 10 11:14:15 ci-web1 su[19709]: pam_authenticate: Authentication failure
Oct 10 11:14:15 ci-web1 su[19709]: FAILED su for mxx by root
Oct 10 11:14:15 ci-web1 su[19709]: - /dev/pts/0 root:mxx

Both of those files are present in /lib/x86_64-linux-gnu/security/. I don't understand why it's looking in /lib/security/.

How to correct this problem?

Mxx
  • 2,362
  • 2
  • 28
  • 40
  • 1
    Take a look on `/etc/pam.d`, maybe the libs are being refered there. – ThoriumBR Oct 10 '14 at 16:58
  • @ThoriumBR, unfortunately there are no references to that path anywhere in `/etc/pam.d/`. Question for others: why are there 2 votes to close this question? – Mxx Oct 10 '14 at 18:15
  • @Mxx: Probably because it fits better at unix.stackexchange.com. Close includes move votes. – Christopher Perrin Oct 10 '14 at 21:30
  • You can work around it by creating soft links for the required files under /lib/security or, if /lib/security doesn't exist, soft link the directory. – Andy Oct 11 '14 at 00:22
  • @Andy creating symlinks didn't work. – Mxx Oct 11 '14 at 04:59

1 Answers1

3

After much digging through strace output and trial and error, the culprit was found. At some point during package updates a dependency link broke between the login package and the libpcre3 module. After reinstalling that specific module to restore the dependency link su is now working again.

Mxx
  • 2,362
  • 2
  • 28
  • 40
  • 2
    Thanks!!! this worked for me: "apt-get install libpcre3 login", packages updated and problems gone! ;-) – mzalazar Jan 31 '15 at 09:19
  • 1
    A little bit more information on this using `LD_DEBUG=all su`: ``` libselinux.so.1: error: symbol lookup error: undefined symbol: pcre_free_study (fatal) file=/lib/x86_64-linux-gnu/security/pam_rootok.so [0]; destroying link map ... ``` – azat Apr 22 '15 at 09:11
  • @azat I don't understand. Are you asking something? – Mxx Apr 22 '15 at 13:22
  • @Mxx, no, just adding a little note for this issue. – azat Apr 22 '15 at 22:08