Pivotal Knowledge Base

Follow

Connecting to a user (via su) results in errors such as "could not open session", "incorrect password", or "su: cannot set groups: Operation not permitted"

Environment

Product Version
Pivotal Greenplum (GPDB) 4.3.x
OS RHEL 6.x, DCA v1, DCA v2, DCA v3

Symptom

Attempting to su (connect as a different user) on a server via an OS user (not root), results in the error "could not open session" , "incorrect password", or "su: cannot set groups: Operation not permitted".

[gpadmin@mdw ~]$ su - 
Password:
"su: cannot set groups: Operation not permitted"
[gpadmin@mdw ~]$ su - gpadmin
Password:
could not open session
[gpadmin@mdw ~]$ su - root
Password:
su: incorrect password

The same issue is not visible when the su is run via the root user.

Cause

The issue noted above is caused due to the alteration of the permission of su executable from its default permission (rwsr-xr-x).

The server where the su is erroring out has the permission set as follows.

[[root@mdw ~]# ls -ltr /bin/su
-rwsrwxrwx 1 root root 28336 Mar 14  2012 /bin/su
[root@mdw ~]#

Resolution

Set the correct permission for the su executable, using the following command:

chmod u+s /bin/su

This ensures that su is executed with the special privileges that are inherited from the program owner (which is root) and retry the command with any OS users other than root.

 

Comments

Powered by Zendesk