I am encountering an odd problem with su. Up until quite recently I was able to connect to one of my servers (CentOS-5.2) via ssh as an ordinary user and then, from the shell, perform an $ su -l to obtain root access. Now when I try to do this I see the following:

$ su -l
Password:
su: incorrect password

If, instead, I ssh to this machine as the root user ($ ssh -l root host) and enter exactly the same password from the same keyboard then I log in successfully as root.

I have made no conscious changes to the target system configuration files and I know that the first method, logging in as a normal user and then su -l to root, was working just a few days ago. Review of the man and info pages does not enlighten me as to what might be wrong.

The log file says this:

Jan 14 12:00:22 inet01 sshd[15433]: Accepted password for myuser from x.x.x.x port 53458 ssh2
Jan 14 12:00:22 inet01 sshd[15433]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
Jan 14 12:00:32 inet01 su: pam_unix(su-l:auth): authentication failure; logname=myuser uid=500 euid=500 tty=pts/8 ruser=myuser rhost= user=root

Any ideas as to what might be happening here and how I might fix it?

Regards,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

James B. Byrne wrote:
> Any ideas as to what might be happening here and how I might fix it?

It's a long shot but check that /bin/su is setuid?

From a 5.1 system:

-rwsr-xr-x 1 root root 24060 Mar 21 2007 /bin/su

nate

On Wed Jan 14 17:16:01 UTC 2009, nate centos at linuxpowered.net wrote:
> It's a long shot but check that /bin/su is setuid ?
>
> From a 5.1 system:
>
> -rwsr-xr-x 1 root root 24060 Mar 21 2007 /bin/su

This is what I have on that host:

# ll /bin/su
-rwxr-xr-x 1 root root 24120 May 24 2008 /bin/su

su -l runs ok. It prompts for a password, but it invariably fails saying that the wrong password has been entered.

--
James B. Byrne

I noticed that the suid mode was missing and set it with chmod u+s /usr/bin/su. Now the permissions are:

$ ll $(which su)
-rwsr-xr-x 1 root root 24120 May 24 2008 /bin/su

And now su -l works for ordinary users. Thank you very much.

I am certain that I have not been changing file modes in /usr/bin, ever. Does anyone have any idea how this change could occur? Where would a file mode change be logged, if at all?

Thanks.

--
James B. Byrne

James B. Byrne wrote on Wed, 14 Jan 2009 16:11:52 -0500 (EST):
> Does anyone have any idea how this change could occur?

There are some security tools that could be configured to reset SUID bits on files in certain paths with their default templates.

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
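
The su failure line quoted in the first message reports `euid=500`, whereas a setuid-root su logs `euid=0`, so the log already points at the missing setuid bit that was found later in the thread. The script below is an added example, not part of the thread: it flags such log lines and checks the mode of the su binary. The function names and the second sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Line 1 is the failure quoted in the first message; line 2 is a constructed
# line showing the same failure from a setuid-root su (euid=0), for contrast.
SAMPLE_LOG='Jan 14 12:00:32 inet01 su: pam_unix(su-l:auth): authentication failure; logname=myuser uid=500 euid=500 tty=pts/8 ruser=myuser rhost= user=root
Jan 14 12:05:10 inet01 su: pam_unix(su-l:auth): authentication failure; logname=myuser uid=500 euid=0 tty=pts/8 ruser=myuser rhost= user=root'

# Print su authentication failures where su ran without effective root.
# A non-zero euid means the binary did not gain root via the setuid bit.
su_without_root_euid() {
    printf '%s\n' "$1" | awk '
        / su: pam_unix\(su[^)]*:auth\): authentication failure/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^euid=/) {
                    split($i, kv, "=")
                    if (kv[2] != "0") print
                }
        }'
}

# True if an octal mode string (as printed by `stat -c %a`) has the setuid bit.
# The special bits sit above the nine rwx bits; setuid is the 4 in that digit.
mode_has_setuid() {
    [ $(( (0$1 >> 9) & 4 )) -ne 0 ]
}

# Report lines from the sample log, then check the su binary on this host.
su_without_root_euid "$SAMPLE_LOG"
for f in /bin/su /usr/bin/su; do
    [ -e "$f" ] || continue
    if mode_has_setuid "$(stat -c '%a' "$f")"; then
        echo "$f: setuid bit set"
    else
        echo "$f: setuid bit MISSING"
    fi
done
```

On an RPM-based system, `rpm -Vf /bin/su` compares the installed file with the package database and marks a changed mode with `M`.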