Just to be sure. What about your PATH environment variable?
If you installed linux su and it appears earlier than FreeBSD's one, Linux version of su is executed (via linuxulator) and possibly want group "root".

Unfortunately same result when I'm using /usr/bin/su -.
Code:
# md5sum /usr/bin/su
6b36a9ff80867fb4bee511d5af4fc31d /usr/bin/su
su - michal. So it is not problem just for root user.
Oct 23 15:15:44 x su[26165]: group not found: michal
Oct 23 15:15:48 x su[26170]: group not found: root
Oct 23 15:15:48 x syslogd: last message repeated 1 times
Oct 23 15:15:48 x su[26171]: michal to root on /dev/pts/0
Code:
root@x:~ # id michal
uid=1001(michal) gid=0(wheel) groups=0(wheel)
Your primary group is wheel, that's not good. That should be 'michal'. You probably messed up with pw usermod trying to add the wheel group.

Those files are effectively empty (just lines commented out).
Maybe it can help to add new groups (michal and root). But I don't want since it was not written in any handbook. Putty is just ssh client for windows. But it's happening from other clients too.

I had these same "messed up" setting on 12.4-RELEASE and always had some vague unexplainable errors when using startx XFCE (did investigate & asked around, alas to no avail). As per remark from SirDice (thanks!) I changed things as shown below. Now no errors on startx.
Code:
> id eric
uid=1001(eric) gid=1001(eric) groups=1001(eric),0(wheel),601(_tss)
Perhaps/probably not related but I thought I'd mention it. Never experienced the PuTTY su - errors though, but, as mentioned, I'm still on 12.4.
[...] Problem is also when I'm going back from root to normal user su - michal. So it is not problem just for root user.
Have you another user ready (or can you make that so; edit: for example, add a new user) that is able to use PuTTY and su -? Does that show the same problem? What does id <another user> output?

Those files are effectively empty (just lines commented out).
Yeah, there's not much in them by default (just a bunch of comments).
Can I somehow debug the command su?
You can try truss su -, will probably produce a LOT of output though. But it might provide some hints what it's looking for and why.
truss on sick system showing ~4x more open("/etc/spwd.db" and open("/etc/group" than healthy system
It's probably trying to resolve that non-existent group.
Check /etc/pam.d/system and /etc/pam.d/passwd. Also check /etc/login.access maybe something got mangled there.
I will start to investigate here:
+:root:LOCAL
+:michal:LOCAL
+:wheel:LOCAL
+:mysql:LOCAL
+:unbound:LOCAL
+:nagios:LOCAL
+:nobody:LOCAL
+:clamav:LOCAL
-:ALL EXCEPT michal:ALL
Oct 23 18:14:47 x sudo[9490]: group not found: michal
Oct 23 18:14:53 x sudo[9494]: group not found: michal
Oct 23 18:15:06 x sudo[9555]: group not found: michal
Oct 23 18:15:10 x sudo[9565]: group not found: michal
Oct 23 18:15:11 x sudo[9568]: group not found: michal
[...] And root and michal strings are not group names, but name of logged user.
[...] Problem with sudo is still there (Python script running my sudo commands):
Code:
Oct 23 18:14:47 x sudo[9490]: group not found: michal [...]
Perhaps, isn't that "group name" what is missing from your account:
root@x:~ # id michal
uid=1001(michal) gid=0(wheel) groups=0(wheel)
# id eric
uid=1001(eric) gid=1001(eric) groups=1001(eric),0(wheel),601(_tss)
# pw groupshow eric -FP
Group Name: eric #1001
Members: root,_tss
That's a start. Let's walk this back.
The log message presents only here (not in sudo program)
https://github.com/freebsd/...login_access.c#L191
syslog(LOG_NOTICE, "group not found: %s", username);
if ((group = getgrnam(tok)) == NULL)
errno isn't 0), it will print the above message. The tok variable is a string that's an argument to this function: group_match(const char *tok, const char *username)
tok contains, in other words, what group is it trying to match/find for the user root. It's not being found, and triggers the group not found: root messages.

kb ⇒ (primary) GID kb is applied to root, too, in the very same fashion. Hence you see username in the code (because user name = group name). However, I don’t need to tell you guys, FreeBSD’s root user does not have a (primary) group matching the login name – it is wheel instead.

+:root:LOCAL
+:michal:LOCAL
-:ALL EXCEPT michal:ALL
su -m michal -c id
root@host:/etc/pam.d # grep pam_login_access.so *
other:account required pam_login_access.so nodefgroup
sshd:account required pam_login_access.so nodefgroup
system:account required pam_login_access.so nodefgroup
telnetd:account required pam_login_access.so nodefgroup
+ : user1 user2 (group1) (group2) : ALL
group not found: root messages from sudo and sshd. Adding the nodefgroup option to the PAM module did the trick for me.
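
An added example, not part of any post in this thread: a shell function that lists the bare tokens in the user field of login.access that have no matching group entry, which are the names a group lookup cannot resolve when pam_login_access runs without nodefgroup. It assumes the module tries a group lookup for bare tokens unless nodefgroup is set; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Usage: bare_tokens_without_group /etc/login.access /etc/group
# Prints each bare user-field token (not ALL/EXCEPT, not "(group)", no "@")
# that has no entry in the group file. Assumption: without nodefgroup these
# tokens are also tried as group names.
bare_tokens_without_group() {
    awk -v groupfile="$2" '
    BEGIN {
        # Load known group names (first colon-separated field of each line).
        while ((getline line < groupfile) > 0) {
            if (line ~ /^#/ || line == "") continue
            split(line, g, ":")
            known[g[1]] = 1
        }
    }
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    {
        n = split($0, field, ":")
        if (n < 3) next                    # not a permission:users:origins rule
        m = split(field[2], tok, "[ ,\t]+")
        for (i = 1; i <= m; i++) {
            t = tok[i]
            if (t == "" || t == "ALL" || t == "EXCEPT") continue
            if (t ~ /^\(.*\)$/) continue   # explicit (group) syntax
            if (t ~ /@/) continue          # netgroup or user@host forms
            if (!(t in known) && !(t in seen)) { seen[t] = 1; print t }
        }
    }' "$1"
}

# Constructed sample files mirroring the rules quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '+:root:LOCAL' '+:michal:LOCAL' '+:wheel:LOCAL' \
        '-:ALL EXCEPT michal:ALL' '+ : user1 (group1) : ALL' > "$d/login.access"
    printf '%s\n' 'wheel:*:0:root' > "$d/group"
    bare_tokens_without_group "$d/login.access" "$d/group"
    rm -rf "$d"
}
```

Tokens it reports are either login names that should stay bare with nodefgroup set, or group names that should be rewritten in the (group) form.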