[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SU bug?

From: Bob Proulx
Subject: Re: SU bug?
Date: Mon, 12 Feb 2001 11:00:22 -0700

> If you change te rights of the /bin/su file to someting like 750 you can't
> login. If you change the richts back to the default settings you still can't
> login.
> SU reports the password is incorrect but it isn't.
> I tested it on RedHat 6.2 and 7.0. What is going wrong in su?

Hopefully you mean that you can't 'su', not 'login'.  Login is a
completely different program.  But it makes sense that you can't su
with permissions 750.

Nothing is going wrong with su except you do not have the permissions
set correctly.  The proper permissions for su include suid-root, the
super user account, so that it has permission to switch you from your
current user id to the user id you are requesting to be switched to.
It needs superuser permission to do that.

Secondly on systems that use shadow passwords not even the encrypted
user password is visible to programs unless you are root.  This
prevents offline cracking of the password file.  This is likely why
the program reports the password being incorrect.  But even if you
used traditional visible encrypted passwords the su would fail to
switch users if it did not have superuser permission.

The fileutils install commands will set this correctly upon initial
install.  But of course you need to be root to do the install.  You
mentioned Redhat.  You can test your installation with the -V, verify,
command to rpm.  There should be no output.  Any output indicates
errors in the installation as compared to "the way it should be".

  rpm -V sh-utils

You could just fix the permissions.  You need to be root to do this:

  chown root:root /bin/su
  chmod 4755 /bin/su

Forcing a reinstall of that package should also solve your problem.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]