<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Carlito">Hi all,<br>
<br>
Running as an ordinary user, straight from the beginning.<br>
<br>
Is the (default) suid of /usr/bin/su causing this?<br>
<br>
Anyway: the info requested:<br>
<br>
/var/log/secure will tell:<br>
Nov 24 11:04:11 fedora23-server su: pam_systemd(su:session):
Cannot create session: Already running in a session<br>
Nov 24 11:04:11 fedora23-server su: pam_unix(su:session): session
opened for user root by testuser(uid=10005)<br>
<br>
The pam.d files are from a clean fresh Fedora23 install and
ipa-client-install afterwards:<br>
<br>
/etc/pam.d/su<br>
#%PAM-1.0<br>
auth sufficient pam_rootok.so<br>
# Uncomment the following line to implicitly trust users in the
"wheel" group.<br>
#auth sufficient pam_wheel.so trust use_uid<br>
# Uncomment the following line to require a user to be in the
"wheel" group.<br>
#auth required pam_wheel.so use_uid<br>
auth substack system-auth<br>
auth include postlogin<br>
account sufficient pam_succeed_if.so uid = 0 use_uid
quiet<br>
account include system-auth<br>
password include system-auth<br>
session include system-auth<br>
session include postlogin<br>
session optional pam_xauth.so<br>
<br>
/etc/pam.d/postlogin<br>
#%PAM-1.0<br>
# This file is auto-generated.<br>
# User changes will be destroyed the next time authconfig is run.<br>
session [success=1 default=ignore] pam_succeed_if.so service
!~ gdm* service !~ su* quiet<br>
session [default=1] pam_lastlog.so nowtmp silent<br>
session optional pam_lastlog.so silent noupdate
showfailed<br>
<br>
/etc/pam.d/system-auth<br>
#%PAM-1.0<br>
# This file is auto-generated.<br>
# User changes will be destroyed the next time authconfig is run.<br>
auth required pam_env.so<br>
auth [default=1 success=ok] pam_localuser.so<br>
auth [success=done ignore=ignore default=die] pam_unix.so
nullok try_first_pass<br>
auth requisite pam_succeed_if.so uid >= 1000
quiet_success<br>
auth sufficient pam_sss.so forward_pass<br>
auth required pam_deny.so<br>
<br>
account required pam_unix.so<br>
account sufficient pam_localuser.so<br>
account sufficient pam_succeed_if.so uid &lt; 1000 quiet<br>
account [default=bad success=ok user_unknown=ignore]
pam_sss.so<br>
account required pam_permit.so<br>
<br>
password requisite pam_pwquality.so try_first_pass
local_users_only retry=3 authtok_type=<br>
password sufficient pam_unix.so sha512 shadow nullok
try_first_pass use_authtok<br>
password sufficient pam_sss.so use_authtok<br>
password required pam_deny.so<br>
<br>
session optional pam_keyinit.so revoke<br>
session required pam_limits.so<br>
-session optional pam_systemd.so<br>
session optional pam_oddjob_mkhomedir.so umask=0077<br>
session [success=1 default=ignore] pam_succeed_if.so service
in crond quiet use_uid<br>
session required pam_unix.so<br>
session optional pam_sss.so<br>
<br>
</font><br>
<div class="moz-cite-prefix">On 24-11-15 at 10:37, Jakub
Hrozek wrote:<br>
</div>
<blockquote cite="mid:20151124093733.GY12432@hendrix" type="cite">
<pre wrap="">Are you running su as an ordinary user or root? What does appear in
/var/log/secure when you run su ?
Can you show what is the /etc/pam.d/su config and the config of the
service that is included from /etc/pam.d/su ? (typically system-auth)
</pre>
</blockquote>
<br>
</body>
</html>