Re: broken system after srm -r -d /tmp/.* (user login and several services not working)
Hey Sven,
first thanks for your help!
On 03/07/2008 Sven Joachim wrote:
> On 2008-07-03 11:42 +0200, Jonas Meurer wrote:
>
> >> > When I try to su to a normal user from root, I get: "Cannot execute
> >> > /bin/bash: Permission denied." The permissions for /bin/bash are ok:
> >> > -rwxr-xr-x 1 root root 797784 2008-05-12 19:00 /bin/bash
>
> Can you run su under strace and see where it fails?
Sure, I attached the output of 'strace -f su tempuser'
And as I already mentioned, I setup a clean chroot with the output of
'dpkg --get-selections' and 'debconf-get-selections', to get a system as
similar as possible to my one. I started to compare the md5sums of all
files, but so far I didn't find anything.
But I discovered something really strange. If I compare the output of
'ls -al /' on my system and in the chroot, several directory sizes seem
to be different. I thought that directorys always have a size of
4069 bytes, but apparently this is not the case:
(in chroot) # ls -al /
total 84
drwxr-xr-x 21 root root 4096 Jul 2 18:33 .
drwxr-xr-x 21 root root 4096 Jul 2 18:33 ..
drwxr-xr-x 2 root root 4096 Jul 2 18:43 bin
drwxr-xr-x 3 root root 4096 Jul 2 18:37 boot
drwxr-xr-x 16 root root 4300 Jul 3 16:22 dev
drwxr-xr-x 3 root root 4096 Jul 2 18:32 emul
drwxr-xr-x 136 root root 12288 Jul 2 19:07 etc
drwxr-xr-x 6 root root 4096 Jun 30 18:44 home
drwxr-xr-x 15 root root 4096 Jul 2 18:39 lib
lrwxrwxrwx 1 root root 20 Jul 2 18:32 lib32 -> /emul/ia32-linux/lib
lrwxrwxrwx 1 root root 4 Jul 2 17:48 lib64 -> /lib
drwxr-xr-x 2 root root 4096 Jul 2 17:49 media
drwxr-xr-x 2 root root 4096 May 18 14:37 mnt
drwxr-xr-x 2 root root 4096 Jul 2 17:49 opt
dr-xr-xr-x 126 root root 0 Jul 3 07:12 proc
drwxr-xr-x 5 root root 4096 Jul 3 16:28 root
drwxr-xr-x 2 root root 4096 Jul 2 18:38 sbin
drwxr-xr-x 2 root root 4096 Jun 7 21:35 selinux
drwxr-xr-x 3 root root 4096 Jul 2 17:51 srv
drwxr-xr-x 2 root root 4096 Jun 6 09:08 sys
drwxrwxrwt 3 root root 4096 Jul 3 16:40 tmp
drwxr-xr-x 11 root root 4096 Jul 2 18:32 usr
drwxr-xr-x 15 root root 4096 Jul 2 19:07 var
(on system) # ls -al /
total 113
drwx------ 24 root root 4096 2008-07-03 18:51 .
drwx------ 24 root root 4096 2008-07-03 18:51 ..
drwxr-xr-x 2 root root 4096 2008-06-30 22:11 bin
drwxr-xr-x 4 root root 1024 2008-06-30 22:18 boot
drwxr-xr-x 4 root root 4096 2008-07-02 19:41 chroot
drwxr-xr-x 16 root root 4300 2008-07-03 18:49 dev
drwxr-xr-x 3 root root 4096 2008-03-25 18:22 emul
drwxr-xr-x 137 root root 12288 2008-07-03 18:49 etc
drwxr-xr-x 6 root root 4096 2008-06-30 20:44 home
drwxr-xr-x 15 root root 12288 2008-07-02 20:56 lib
lrwxrwxrwx 1 root root 20 2008-03-25 18:22 lib32 -> /emul/ia32-linux/lib
lrwxrwxrwx 1 root root 4 2008-03-25 18:27 lib64 -> /lib
drwx------ 2 root root 16384 2008-03-25 17:56 lost+found
drwxr-xr-x 3 root root 4096 2008-06-30 13:30 media
drwxr-xr-x 2 root root 4096 2008-05-18 16:37 mnt
drwxr-xr-x 2 root root 4096 2008-03-25 18:08 opt
dr-xr-xr-x 123 root root 0 2008-07-03 09:12 proc
drwx------ 20 root root 4096 2008-07-03 18:40 root
drwxr-xr-x 2 root root 12288 2008-06-30 22:11 sbin
drwxr-xr-x 2 root root 4096 2008-04-03 06:39 selinux
drwxr-xr-x 3 root root 4096 2008-03-26 04:46 srv
drwxr-xr-x 11 root root 0 2008-07-03 09:12 sys
drwxrwxrwt 3 root root 4096 2008-07-03 18:40 tmp
drwxr-xr-x 11 root root 4096 2008-05-31 01:00 usr
drwxr-xr-x 16 root root 4096 2008-06-30 20:24 var
boot, lib, sbin and sys all have very strange sizes on my system, don't
they?
greetings,
jonas
execve("/bin/su", ["su", "tempuser"], [/* 16 vars */]) = 0
brk(0) = 0x60c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828297000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828295000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=93053, ...}) = 0
mmap(NULL, 93053, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f182827e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libpam.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\"\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=42368, ...}) = 0
mmap(NULL, 2137584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1827e73000
mprotect(0x7f1827e7d000, 2093056, PROT_NONE) = 0
mmap(0x7f182807c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f182807c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libpam_misc.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \20\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=10928, ...}) = 0
mmap(NULL, 2106256, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1827c70000
mprotect(0x7f1827c72000, 2097152, PROT_NONE) = 0
mmap(0x7f1827e72000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f1827e72000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\342"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1379632, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f182827d000
mmap(NULL, 3486328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f182791c000
mprotect(0x7f1827a66000, 2097152, PROT_NONE) = 0
mmap(0x7f1827c66000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a000) = 0x7f1827c66000
mmap(0x7f1827c6b000, 17016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1827c6b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\16\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14616, ...}) = 0
mmap(NULL, 2109728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1827718000
mprotect(0x7f182771a000, 2097152, PROT_NONE) = 0
mmap(0x7f182791a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f182791a000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f182827c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f182827b000
arch_prctl(ARCH_SET_FS, 0x7f182827b6e0) = 0
mprotect(0x7f1827c66000, 12288, PROT_READ) = 0
munmap(0x7f182827e000, 93053) = 0
brk(0) = 0x60c000
brk(0x62d000) = 0x62d000
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2706912, ...}) = 0
mmap(NULL, 2706912, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1827483000
close(3) = 0
getuid() = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/tty1", 4095) = 9
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/tty1", 511) = 9
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR|0x80000 /* O_??? */) = 3
fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
lseek(3, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x7f1827a1dc10, [], SA_RESTORER, 0x7f182794df40}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0d\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0L\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\10\36\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
getuid() = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=513, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 513
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=93053, ...}) = 0
mmap(NULL, 93053, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f182827e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\22\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31536, ...}) = 0
mmap(NULL, 2127088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f182727b000
mprotect(0x7f1827282000, 2093056, PROT_NONE) = 0
mmap(0x7f1827481000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f1827481000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@@\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=88968, ...}) = 0
mmap(NULL, 2194096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1827063000
mprotect(0x7f1827078000, 2093056, PROT_NONE) = 0
mmap(0x7f1827277000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x7f1827277000
mmap(0x7f1827279000, 6832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1827279000
close(3) = 0
munmap(0x7f182827e000, 93053) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=93053, ...}) = 0
mmap(NULL, 93053, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f182827e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libnss_nis.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20 \0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=43472, ...}) = 0
mmap(NULL, 2139352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1826e58000
mprotect(0x7f1826e62000, 2093056, PROT_NONE) = 0
mmap(0x7f1827061000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f1827061000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\37\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=47520, ...}) = 0
mmap(NULL, 2143528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1826c4c000
mprotect(0x7f1826c56000, 2097152, PROT_NONE) = 0
mmap(0x7f1826e56000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f1826e56000
close(3) = 0
munmap(0x7f182827e000, 93053) = 0
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1760, ...}) = 0
mmap(NULL, 1760, PROT_READ, MAP_SHARED, 3, 0) = 0x7f1828294000
lseek(3, 1760, SEEK_SET) = 1760
munmap(0x7f1828294000, 1760) = 0
close(3) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/su", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2305, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "#\n# The PAM configuration file f"..., 4096) = 2305
open("/lib/security/pam_rootok.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\5\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=4512, ...}) = 0
mmap(NULL, 2099880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f1826a4b000
mprotect(0x7f1826a4c000, 2093056, PROT_NONE) = 0
mmap(0x7f1826c4b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0) = 0x7f1826c4b000
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=93053, ...}) = 0
mmap(NULL, 93053, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f1828264000
close(4) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libselinux.so.1", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 U\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=105368, ...}) = 0
mmap(NULL, 2205272, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f1826830000
mprotect(0x7f1826849000, 2093056, PROT_NONE) = 0
mmap(0x7f1826a48000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x18000) = 0x7f1826a48000
mmap(0x7f1826a4a000, 1624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1826a4a000
close(4) = 0
open("/etc/selinux/config", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=591, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "# This file controls the state o"..., 4096) = 591
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=4807077, f_bfree=3644582, f_bavail=3400394, f_files=1221600, f_ffree=1017271, f_fsid={-2090876615, 720132864}, f_namelen=255, f_frsize=4096}) = 0
open("/proc/mounts", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "rootfs / rootfs rw 0 0\nnone /sys"..., 1024) = 1024
read(4, "ors=continue,data=ordered 0 0\nfu"..., 1024) = 1024
read(4, "var/lib/schroot/mount/resivo_clo"..., 1024) = 207
read(4, "", 1024) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
munmap(0x7f1828264000, 93053) = 0
open("/lib/security/pam_env.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\v\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=11768, ...}) = 0
mmap(NULL, 2107136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f182662d000
mprotect(0x7f1826630000, 2093056, PROT_NONE) = 0
mmap(0x7f182682f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x7f182682f000
close(4) = 0
open("/lib/security/pam_mail.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\n\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0644, st_size=9096, ...}) = 0
mmap(NULL, 2104464, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f182642b000
mprotect(0x7f182642d000, 2093056, PROT_NONE) = 0
mmap(0x7f182662c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1000) = 0x7f182662c000
close(4) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-auth", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=436, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-auth - aut"..., 4096) = 436
open("/lib/security/pam_unix.so", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320)\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0644, st_size=49536, ...}) = 0
mmap(NULL, 2194152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f1826213000
mprotect(0x7f182621f000, 2093056, PROT_NONE) = 0
mmap(0x7f182641e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xb000) = 0x7f182641e000
mmap(0x7f182641f000, 47848, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f182641f000
close(5) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=93053, ...}) = 0
mmap(NULL, 93053, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f1828264000
close(5) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libcrypt.so.1", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\n\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0644, st_size=39112, ...}) = 0
mmap(NULL, 2322880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f1825fdb000
mprotect(0x7f1825fe3000, 2097152, PROT_NONE) = 0
mmap(0x7f18261e3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x8000) = 0x7f18261e3000
mmap(0x7f18261e5000, 184768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f18261e5000
close(5) = 0
munmap(0x7f1828264000, 93053) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-account", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=392, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-account - "..., 4096) = 392
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-session", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=372, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-session - "..., 4096) = 372
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/pam.d/other", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=520, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "#\n# /etc/pam.d/other - specify t"..., 4096) = 520
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-auth", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=436, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-auth - aut"..., 4096) = 436
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-account", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=392, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-account - "..., 4096) = 392
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-password", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1212, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-password -"..., 4096) = 1212
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/common-session", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=372, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828293000
read(4, "#\n# /etc/pam.d/common-session - "..., 4096) = 372
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828293000, 4096) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1760, ...}) = 0
mmap(NULL, 1760, PROT_READ, MAP_SHARED, 3, 0) = 0x7f1828294000
lseek(3, 1760, SEEK_SET) = 1760
munmap(0x7f1828294000, 1760) = 0
close(3) = 0
open("/etc/shells", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=167, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=167, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "# /etc/shells: valid login shell"..., 4096) = 167
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
rt_sigaction(SIGINT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
getuid() = 0
open("/proc/filesystems", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 1024) = 266
read(3, "", 1024) = 0
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
getuid() = 0
open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1760, ...}) = 0
mmap(NULL, 1760, PROT_READ, MAP_SHARED, 3, 0) = 0x7f1828294000
lseek(3, 1760, SEEK_SET) = 1760
munmap(0x7f1828294000, 1760) = 0
close(3) = 0
open("/etc/shadow", O_RDONLY|0x80000 /* O_??? */) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0640, st_size=1180, ...}) = 0
mmap(NULL, 1180, PROT_READ, MAP_SHARED, 3, 0) = 0x7f1828294000
lseek(3, 1180, SEEK_SET) = 1180
munmap(0x7f1828294000, 1180) = 0
close(3) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL}, {SIG_IGN}, 8) = 0
open("/etc/login.defs", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=10909, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096
read(3, "mesg y\" command.\n\nTTYGROUP\ttty\nT"..., 4096) = 4096
read(3, "en when not logged in on the con"..., 4096) = 2717
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/localtime", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\10\0"..., 4096) = 2295
lseek(3, -1458, SEEK_CUR) = 837
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\t\0\0\0\t\0\0"..., 4096) = 1458
close(3) = 0
munmap(0x7f1828294000, 4096) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
getpid() = 17402
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
sendto(3, "<86>Jul 3 18:55:21 su[17402]: S"..., 66, MSG_NOSIGNAL, NULL, 0) = 66
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
sendto(3, "<86>Jul 3 18:55:21 su[17402]: +"..., 52, MSG_NOSIGNAL, NULL, 0) = 52
setgid(1002) = 0
open("/proc/sys/kernel/ngroups_max", O_RDONLY) = 4
read(4, "65536\n", 31) = 6
close(4) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 4
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 4
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
open("/etc/group", O_RDONLY|0x80000 /* O_??? */) = 4
lseek(4, 0, SEEK_CUR) = 0
fstat(4, {st_mode=S_IFREG|0644, st_size=1020, ...}) = 0
mmap(NULL, 1020, PROT_READ, MAP_SHARED, 4, 0) = 0x7f1828294000
lseek(4, 1020, SEEK_SET) = 1020
fstat(4, {st_mode=S_IFREG|0644, st_size=1020, ...}) = 0
munmap(0x7f1828294000, 1020) = 0
close(4) = 0
setgroups(1, [1002]) = 0
open("/etc/security/pam_env.conf", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2980, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(4, "#\n# This is the configuration fi"..., 4096) = 2980
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/environment", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=21, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(4, "LC_CTYPE=de_DE.UTF-8\n", 4096) = 21
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/security/pam_env.conf", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=2980, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(4, "#\n# This is the configuration fi"..., 4096) = 2980
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828294000, 4096) = 0
open("/etc/default/locale", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=17, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1828294000
read(4, "LANG=en_US.UTF-8\n", 4096) = 17
read(4, "", 4096) = 0
close(4) = 0
munmap(0x7f1828294000, 4096) = 0
getuid() = 0
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR|0x80000 /* O_??? */) = 4
lseek(4, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x7f1827a1dc10, [], SA_RESTORER, 0x7f182794df40}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(4, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(4, "\10\0\0\0d\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(4, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(4, "\1\0\0\0002N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(4, "\10\0\0\0L\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(4, "\7\0\0\0\10\36\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(4, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(4) = 0
getuid() = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2295, ...}) = 0
sendto(3, "<86>Jul 3 18:55:21 su[17402]: p"..., 101, MSG_NOSIGNAL, NULL, 0) = 101
setuid(1002) = 0
close(3) = 0
clone(Process 17413 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f182827b770) = 17413
[pid 17402] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], NULL, 8) = 0
[pid 17402] rt_sigaction(SIGTERM, {0x402420, [], SA_RESTORER, 0x7f182794df40}, NULL, 8) = 0
[pid 17402] rt_sigprocmask(SIG_UNBLOCK, [ALRM TERM], NULL, 8) = 0
[pid 17402] wait4(-1, Process 17402 suspended
<unfinished ...>
[pid 17413] execve("/bin/bash", ["bash"], [/* 16 vars */]) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/locale.alias", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en_US.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en_US/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en.UTF-8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en.utf8/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en/LC_MESSAGES/shadow.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] dup(2) = 3
[pid 17413] fcntl(3, F_GETFL) = 0x8001 (flags O_WRONLY|O_LARGEFILE)
[pid 17413] close(3) = 0
[pid 17413] open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 EACCES (Permission denied)
[pid 17413] write(2, "Cannot execute /bin/bash: Permis"..., 44Cannot execute /bin/bash: Permission denied
) = 44
[pid 17413] exit_group(126) = ?
Process 17402 resumed
Process 17413 detached
<... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 126}], WSTOPPED, NULL) = 17413
getuid() = 1002
stat("/etc/localtime", 0x7fff302962f0) = -1 EACCES (Permission denied)
open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = -1 EACCES (Permission denied)
close(3) = 0
munmap(0x7f1826a4b000, 2099880) = 0
munmap(0x7f182662d000, 2107136) = 0
munmap(0x7f182642b000, 2104464) = 0
munmap(0x7f1826213000, 2194152) = 0
munmap(0x7f1826830000, 2205272) = 0
munmap(0x7f1825fdb000, 2322880) = 0
exit_group(126) = ?
Process 17402 detached
Reply to: