Fixing “Cannot set terminal process group” Error When Using su - as Login Shell in Linux



When attempting to switch users with su - username on Debian systems, you might encounter:

bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell

The issue manifests specifically when:

  • Using the hyphen (-) to get a login shell
  • Switching from root to regular users (not vice versa)

It occurs on both the stable and testing branches.

Examining the terminal device shows restrictive permissions:

$ ls -l /dev/pts/0
crw--w---- 1 root root 136, 0 Oct 10 19:21 /dev/pts/0

The crw--w---- mode means only the owner (root) can read and write the device; the group (also root here) has write access only, and all other users have no access.

Key findings from strace:

open("/dev/tty", O_RDWR|O_NONBLOCK) = -1 ENXIO
ioctl(255, TIOCGPGRP, [32561]) = -1 ENOTTY

These errors suggest the terminal device isn't properly accessible to the new user session.
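To separate a permission problem (EACCES) from a missing controlling terminal (ENXIO/ENOTTY), the following added example, which is not from the original article, repeats the two traced calls and classifies the errno values. It assumes Linux and Python 3; the function names and verdict strings are invented for the example, and the setsid() child is only a way to reproduce the ENXIO result on demand.

```python
import errno
import os

def probe(fd=0):
    """Repeat the two traced calls; return (open_errno, pgrp_errno), 0 = success."""
    calls = (
        lambda: os.close(os.open("/dev/tty", os.O_RDWR | os.O_NONBLOCK)),
        lambda: os.tcgetpgrp(fd),  # issues ioctl(fd, TIOCGPGRP)
    )
    results = []
    for call in calls:
        try:
            call()
            results.append(0)
        except OSError as exc:
            results.append(exc.errno)
    return tuple(results)

def probe_detached(fd=0):
    """Run probe() in a child that called setsid(), so it has no controlling tty."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            os.setsid()  # new session: the controlling terminal is dropped
            os.write(w, ("%d %d" % probe(fd)).encode())
        finally:
            os._exit(0)
    os.close(w)
    data = os.read(r, 64)
    os.close(r)
    os.waitpid(pid, 0)
    return tuple(int(x) for x in data.split())

def diagnose(open_err, pgrp_err, fd_is_tty):
    """Map the errno pair to a verdict string (labels invented for this example)."""
    if open_err == 0 and pgrp_err == 0:
        return "ok"
    if open_err == errno.EACCES:
        return "permission-denied"  # the device node's mode or owner blocks access
    if open_err == errno.ENXIO:  # the process has no controlling terminal
        if fd_is_tty and pgrp_err == errno.ENOTTY:
            return "fd-is-tty-but-not-controlling"
        return "no-controlling-terminal"
    return "other"

if __name__ == "__main__":
    for label, (o, p) in (("this shell", probe()), ("after setsid()", probe_detached())):
        names = [errno.errorcode.get(e, "OK") for e in (o, p)]
        print(f"{label}: open={names[0]} TIOCGPGRP={names[1]} -> {diagnose(o, p, os.isatty(0))}")
```

Run it inside the failing su - session: the ENXIO/ENOTTY pair from the trace above maps to "fd-is-tty-but-not-controlling" when standard input is still a terminal.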

The root cause lies in how pseudo-terminal (pty) devices are created and managed. Here's how to fix it:

Method 1: Temporary Workaround

Run these commands as root before switching users:

# Note: when run as root, $(whoami) expands to "root"
chmod g+rw "$(tty)"
chown root:"$(whoami)" "$(tty)"

Method 2: Permanent Solution

Create a udev rule to set proper permissions:

# /etc/udev/rules.d/55-pty-perms.rules
KERNEL=="pts/[0-9]*", MODE="0620", GROUP="tty"

Then reload udev rules:

udevadm control --reload-rules

If the above doesn't work, consider these options:

# Use sudo instead of su
sudo -i -u username

# Or run su inside a new pseudo-terminal allocated by script
script -q /dev/null -c "su - username"

Here's a diagnostic script to check your environment:

#!/bin/bash
# Print the current terminal device with its ownership and mode
tty_dev=$(tty)
echo "Current TTY: $tty_dev"
echo "Permissions: $(ls -l "$tty_dev")"
echo "User groups: $(groups)"
echo "PTY owner: $(stat -c '%U:%G' "$tty_dev")"
echo "PTY mode: $(stat -c '%a' "$tty_dev")"

For systems experiencing this frequently, modify the PAM configuration:

# /etc/pam.d/su
session required pam_limits.so
session optional pam_umask.so
session required pam_env.so

The problem has these characteristics:

  • It appears when switching from root to a normal user with su -
  • It occurs on both stable and testing Debian branches
  • Standard PTY devices exist, but process control fails

Key findings from terminal examination:

$ ls -l /dev/pts/
crw--w---- 1 root root 136, 0 Oct 10 19:21 0
c--------- 1 root root   5, 2 Sep  7 10:50 ptmx

The core issues stem from:

  1. Incorrect terminal device permissions
  2. Missing job control capabilities in the shell
  3. PTY device ownership problems

1. Permission Fixes

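Adjust PTY device permissions (note that g+rw also grants the group read access, unlike the 0620 mode used in the udev rule above):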

chmod g+rw /dev/pts/*
chown root:tty /dev/pts/*

2. PAM Configuration

Edit /etc/pam.d/su:

session required pam_limits.so
session required pam_shells.so
session optional pam_keyinit.so force revoke

3. Terminal Initialization

Create /etc/profile.d/terminal_init.sh:

#!/bin/sh
if [ -t 0 ]; then
    stty sane
    stty erase ^H
    mesg n
fi

4. Alternative Login Methods

Use login instead of su:

login -f username

For persistent cases, enable detailed logging:

strace -f -o /tmp/su_trace.log su - username
journalctl -f --no-pager &

Sample /etc/securetty addition:

pts/0
pts/1
pts/2

SSH configuration adjustment (/etc/ssh/sshd_config):

UsePAM yes
UsePrivilegeSeparation yes