Re: su doesn't work "Authentication failure"
- To: email@example.com
- Subject: Re: su doesn't work "Authentication failure"
- From: "Dennis G. Wicks" <firstname.lastname@example.org>
- Date: Thu, 31 Jan 2008 23:10:28 -0600
- Message-id: <47A2A9C4.email@example.com>
- In-reply-to: <firstname.lastname@example.org>
- References: <email@example.com> <firstname.lastname@example.org>
Kevin Buhr wrote the following on 01/31/2008 12:50 PM:
> paul <email@example.com> writes:
>> It is possible to do 'su someuser' from root but it's not possible to
>> get back to root then using just 'su' or change from a normal user to
>> another user account.
> [ . . . ]
>> Jan 31 15:44:18 myserver su: (pam_unix) authentication failure;
>> logname= uid=1000 euid=1000 tty=pts/4 ruser=myuser rhost= user=root
> The "euid=1000" should read "euid=0": your "su" is running as the
> invoking user, so it fails for non-root users. The most likely
> explanation is that "/bin/su" doesn't have the setuid flag set, so
> that would be the first thing to check. (If the setuid bit *is* set,
> the problem may be that your root partition has been mounted with the
> "nosuid" mount flag or something.)
> If you have a logical explanation for the missing bit, great,
> otherwise good security practice would suggest that you give a little
> thought before restoring setuid bits on files where it has
> mysteriously disappeared. If your version of the "login" package is
> the latest official Etch version 1:188.8.131.52-7, then "md5sum /bin/su"
From aptitude show login ==>> 1:184.108.40.206-7 <<==
> should give:
> 1381ae1ac77b512258657b096522bb6a /bin/su
c80fc747e24fa8bfa099cbef0bfb926f /bin/su <<==
from md5sum /bin/su
> If your Etch version matches mine but the md5 doesn't, you might start
> to get pretty worried.
What should I be worried about and start looking for?
BTW, nobody can get access to my system unless they
break into my house, and that hasn't happened. I even
did a reinstall of the login package just to make sure
the above was right!