Join Log in
Score:7
Alakananda S avatar Ubuntu

Can't use su command to interactively login as another user

cw flag
Alakananda S

I am currently using ubuntu 20.04 machine. I created a user with password using the useradd command. I need to change the PATH variable of that user. So i used su - <username> to interactivelly login to the user's shell. When it asked for the password, I provided the password of the user. But I am getting the below error.

ubuntu@ip-172-31-49-109:~$ su - harry
Password: 
su: Authentication failure

Does anyone know how can I fix this and how I acn change the PATH variable of the user

1034
2 + 3
su
waltinator avatar
it flag
waltinator
`su` is old, inflexible, and has been superseded by `sudo`. With `sudo`, what you want to do is trivial. Also `adduser` supersedes `useradd`. Read `man sudo sudoers adduser`.
3
Reply
hr flag
steeldriver
Did you set the user's password after account creation (using `passwd` or `chpasswd` for example), or did you set it using the `-p` option of `useradd`? If the latter, did you remember to hash the password first (using something like `openssl passwd -stdin -6 <<< 'thepassword'`)?
0
Reply
cn flag
Barmar
Are you able to login normally as that user?
0
Reply
Score:7
Raffa avatar Ubuntu
jp flag
Raffa

I created a user with password using the useradd command.

Ok, I will take your word for that ... i.e. you attempted to create a new user with a password using only useradd ... Trying to imagine how you attempted that ... Probably using the -p, --password option and provided PASSWORD as plain text like so:

$ sudo useradd -p PASSWORD harry

Well, that is not going to work as the password provided should be an encrypted password as stated in man useradd:

 -p, --password PASSWORD

The encrypted password, as returned by crypt(3).
The default is to disable the password.

Note: This option is not recommended because the password
(or encrypted password) will be visible by users listing the processes.

You should make sure the password respects the system's password policy.

Therefore, the password you type(which will be hashed/encrypted before comparing to the stored user's password "hash") is not actually the password stored on/expected by the system and the error su: Authentication failure is actually what it it means as the password cannot be authenticated/matched this way ... su - harry should work fine if you change the password using sudo passwd harry then try su - harry afterwords.

Furthermore, as also stated in the man useradd excerpt above, this is not the recommended way of setting a password for the user.

The recommended way is to use passwd after creating the user to set a password like so:

sudo passwd harry

This is the method used by adduser ... Which is a front-end user friendly Perl script to useradd that you can inspect with:

cat /usr/sbin/adduser

to find out that it does that by calling the passwd system executable in this code excerpt:

.
.
.
    if ($ask_passwd) {
    for (;;) {
       my $passwd = &which('passwd');
    # do _not_ use systemcall() here, since systemcall() dies on
    # non-zero exit code and we need to do special handling here!
      system($passwd, $new_name);
    my $ok = $?>>8;
    if ($ok != 0) {
.
.
.

Aftermath:

After using useradd(without using and providing valid/proper arguments to the -d, -m and -s options) to create your new user i.e. NOT like so:

sudo useradd -s /bin/bash -d /home/harry -m harry

Then, you probably most likely will end up with no home directory for the new user and with dash(The default for /bin/sh as defined in useradd -D) and not bash as your new user's default login shell ... Therefore, you might want to:

  1. Create a home directory for the new user the right way like so:

    sudo mkhomedir_helper harry

  2. Change the login shell for the new user to bash like so:

    sudo chsh -s /bin/bash harry

Next time you create a new user, use adduser instead as it is a user friendly command and will take care of all the above.

+ 4
Alakananda S avatar
cw flag
Alakananda S
Thanks for the answer Raffa. But it seems it opens an interactive non-login shell of the user. Eventhough I have added the -d (home directory) option with the useradd command, when i am trying to login using su - harry, it gave me the error, "su: warning: cannot change directory to /home/school/harry/: No such file or directory" and opens an intercative non -login shell. I actually wanted to open an interactive login shell of the user. Can you please guide me ?
0
Reply
Raffa avatar
jp flag
Raffa
@AlakanandaS `useradd` doesn’t create a home directory for the user among other things … You figured that out already … The other thing you need to know is the default shell might be `dash`(*/bin/sh*) and not `bash` so you might need to change your shell with `chsh` … `useradd -D` should print the default shell assigned by default … and `echo $0` should print your current shell.
0
Reply
Alakananda S avatar
cw flag
Alakananda S
I have changed the shell to /bin/bash and checked the /etc/passwd file. but i can see that the home directory is listed there (harry:x:1002:1003::/home/school/harry/:/bin/bash) . But why when i am trying to login, it is saying that the directory is not created? Also Interestingly, I tried to create a different user using 'adduser' command, and tried to login using su - <username>, it works perfectly as expected. An interactive login shell is opened for the user. Can you tell me why this happens when I use the useradd command?
0
Reply
Raffa avatar
jp flag
Raffa
@AlakanandaS The `-d` option of `useradd` specify the home directory yes … But, doesn’t create it if it doesn’t exist “please see the manual page” … You will need to create it in the specified path :)
2
Reply
Score:5
Artur Meinild avatar Ubuntu
vn flag
Artur Meinild

You can use the following command:

sudo -i -u harry

If it asks for a password, type in your own password (not harry's). Because of this, it will allow you to log in to user accounts with no password set (such as root by default).

Parameters (from man sudo):

-i Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell.

-u Run the command as a user other than the default target user (usually root).

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.