After a recent (~1 day ago) update, su implementation changed from shadow to util-linux package. As a result, su'ing from one non-root user to another non-root user using a password of the second one no longer works. more info here: https://forums.gentoo.org/viewtopic-t-1147120.html
emerge --info sys-apps/util-linux?
Created attachment 764482 [details] emerge --info sys-apps/util-linux attached.
Is the user invoking su a member of the "wheel" group?
no
/etc/pam.d/su has this by default: > auth sufficient pam_rootok.so > auth required pam_wheel.so use_uid > auth include system-auth This means you must be a member of the "wheel" group to use su. You can add "root_only" to the pam_wheel.so line to make this a requirement only when switching to the "root" user. If you don't want to use the wheel group at all, just remove pam_wheel.so from /etc/pam.d/su.
> You can add "root_only" to the pam_wheel.so line to make this a requirement > only when switching to the "root" user. That worked -- thanks. Probably worth to become the default?
(In reply to Vadim from comment #6) > Probably worth to become the default? No, I think we will stick with the pam_wheel default.