首页 › RedHat/Centos论坛 › CentOS 7下Authentication failure问题

龙枪传承 發表於 2020-9-21 19:16:00

CentOS 7下Authentication failure问题

<p>今天在CentOS中配置Hadoop的时候突然遇到使用普通用户无法切换到root用户的问题，即输入</p>
<pre name="code" class="prettyprint"><code class="hljs ruby has-numbering"><span class="hljs-variable">$ su -</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>提示输入密码后无法切换到root用户，而是提示如下错误：</p>
<pre name="code" class="prettyprint"><code class="language-bash hljshas-numbering">su: Authentication failure</code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p><img src="https://img-blog.csdn.net/20150909181737230" alt="这里写图片描述" title=""></p>
<p>好好地怎么出现这个问题了呢，百度了一下午基本上都是这个答案：</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">这个问题产生的原因是由于ubuntu系统默认是没有激活root用户的，需要我们手工进行操作，在命令行界面下，或者在终端中输入如下命令：

$ <span class="hljs-built_in">sudo passwd root

系统提示输入当前用户密码：
然后输入新的root密码：
确认新密码：
系统提示更新成功，OK！
</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
<li>3</li>
<li>4</li>
<li>5</li>
<li>6</li>
<li>7</li>
<li>8</li>
<li>9</li>
</ul>
<p>虽然说的都是ubuntu系统，但死马当活马医，姑且照着做吧。</p>
<p>我先登录普通用户，输入</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ <span class="hljs-built_in">sudo passwd root</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>系统提示当前用户不在sudoers中，即没有权限。<br>那么换成root用户登录。这里要说明一下，我的系统普通用户和root用户分别登录都没有问题，问题是不能通过su命令切换。<br>在root用户下编辑sudoers文件：</p>
<pre name="code" class="prettyprint"><code class="hljs vala has-numbering"><span class="hljs-preprocessor"># vim /etc/sudoers
</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
</ul>
<p>在文件中添加如下语句，这里的njupt是我的普通用户：</p>
<pre name="code" class="prettyprint"><code class="language-bash hljshas-numbering"><span class="hljs-comment"># Allow njupt
njupt ALL=(ALL) ALL</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
</ul>
<p>保存，系统会提示文件是只读的，需要输入！强制保存，照做。</p>
<p>再试试这个命令</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ <span class="hljs-built_in">sudo passwd root</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>发现还是不行，会提示如下错误：</p>
<pre name="code" class="prettyprint"><code class="language-bash hljshas-numbering"><span class="hljs-built_in">sudo: effective uid is not <span class="hljs-number">0, is <span class="hljs-built_in">sudo installed setuid root?</span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>这是因为sudo命令没有S（setuid)权限，因此其他用户执行sudo命令时，报上面错误。可以这样理解setuid权限：当一个具有可执行权限的文件设置SetUID权限后，其他用户执行这个文件时将以这个文件的所有者的身份进行执行。</p>
<p>为sudo命令设置setuid权限</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ chmod u+s/usr/bin/<span class="hljs-built_in">sudo</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>然后看一下</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ ll | grep <span class="hljs-built_in">sudo
-rwsrwxrwx. <span class="hljs-number">1 root root    <span class="hljs-number">130720 Mar<span class="hljs-number">6<span class="hljs-number">2015 <span class="hljs-built_in">sudo</span></span></span></span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
</ul>
<p>有了S权限以后再试试这个命令</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ <span class="hljs-built_in">sudo passwd root</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>发现提示信息改变了：</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ <span class="hljs-built_in">sudo passwd root
<span class="hljs-built_in">sudo: /etc/sudoers is world writable
<span class="hljs-built_in">sudo: no valid sudoers sources found, quitting
<span class="hljs-built_in">sudo: unable to initialize policy plugin</span></span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
<li>3</li>
<li>4</li>
</ul>
<p>这两条是新的错误信息</p>
<pre name="code" class="prettyprint"><code class="hljs http has-numbering"><span class="hljs-attribute">sudo: <span class="hljs-string">no valid sudoers sources found, quitting
<span class="hljs-attribute">sudo: <span class="hljs-string">unable to initialize policy plugin</span></span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
</ul>
<p>这是因为sudoers 文件的权限不对，正常的权限应该是440(r–r—–)，我是因为之前瞎折腾的时候修改过这个文件的权限。现在改回来</p>
<pre name="code" class="prettyprint"><code class="hljs haskell has-numbering"><span class="hljs-preprocessor"># chmod 440 /etc/sudoers

<span class="hljs-preprocessor"># ll | grep sudo
-rw-r<span class="hljs-comment">-----.1 root root   1786 Mar62015 sudo.conf
-r<span class="hljs-comment">--r-----.1 root root   4035 Sep 10 04:31 sudoers
<span class="hljs-title">drwxr-x<span class="hljs-comment">---.2 root root      6 Mar62015 sudoers.d
-rw-r<span class="hljs-comment">-----.1 root root   3181 Mar62015 sudo-ldap.conf</span></span></span></span></span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
<li>3</li>
<li>4</li>
<li>5</li>
<li>6</li>
<li>7</li>
</ul>
<p>再一次执行这个命令</p>
<pre name="code" class="prettyprint"><code class="language-bash hljshas-numbering">$ <span class="hljs-built_in">sudo passwd root
[<span class="hljs-built_in">sudo] password <span class="hljs-keyword">for njupt:
Changing password <span class="hljs-keyword">for user root.
New password:
BAD PASSWORD: The password is shorter than <span class="hljs-number">8 characters
Retype new password:
passwd: all authentication tokens updated successfully.</span></span></span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
<li>3</li>
<li>4</li>
<li>5</li>
<li>6</li>
<li>7</li>
</ul>
<p>successfully！难道这样就可以了？试试</p>
<pre name="code" class="prettyprint"><code class="language-bash hljshas-numbering">$ su -
Password:
su: Authentication failure</code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
<li>3</li>
</ul>
<p>绝望了好吧。。。</p>
<p>网上还有一种说法，说用这个命令：</p>
<pre name="code" class="prettyprint"><code class="hljs bash has-numbering">$ <span class="hljs-built_in">sudo su</span></code></pre>
<ul class="pre-numbering">
<li>1</li>
</ul>
<p>代替su命令。我试了一下，确实可以，而且不需要输入root密码，而是要输入普通用户的密码</p>
<pre name="code" class="prettyprint"><code class="language-bash hljshas-numbering">$ <span class="hljs-built_in">sudo su
[<span class="hljs-built_in">sudo] password <span class="hljs-keyword">for njupt:
<span class="hljs-comment"># </span></span></span></span></code></pre>
<ul class="pre-numbering">
<li>1</li>
<li>2</li>
<li>3</li>
</ul>
<p>到此为止切换用户的问题算是解决了，但出现Authentication failure的根本原因还是不知道，而且su命令仍然无法使用。</p>
<p>以前明明是可以的（泪奔~）。</p><br><br>
来源：https://www.cnblogs.com/telwanggs/p/13707646.html

查看完整版本: CentOS 7下Authentication failure问题