lynn-

sorry, i wasn't ignoring anything.

i guess i just didn't say it. but i did EXACTLY what you suggested. i logged in as ROOT (via lshd), and typed "chmod +411 /usr/local/bin/su"

after this i logged out, went back to and reconnected, and logged back in as the user. trying "SU" gave me the same password error message.

sorry for the misunderstanding. i don't want you to think that i was ignoring your advice, i wasn't. i guess my reply didn't make it clear that i had followed your suggestion to the letter, and that it didn't change the error message. that's when i went and looked at the /etc/shadow file and tried changing its permissions, and that's when the error message changed.

so. to be clear.

I logged in as ROOT.
i entered "CHMOD +4111 /usr/local/bin/su".
i logged out.
i logged back in as the user.
i entered "su".
i entered the root password.
the error message was NOT CHANGED.

so, then i changed read permission on /etc/shadow (as root)

now, instead of getting an "su: incorrect password" error message, i get an "su: cannot set groups: Operation not permitted" error message.

are you implying with your comments that the second error message is also indicative of a problem with the permissions under which su is running?

i also didn't think about the issue of making the password file available to anyone that logs in. certainly, that is not a good idea. but "chmod +4111 /path/to/su" executed as root, did not change the error/problem.

thanks for your

- ted

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lynn Avants
Sent: Thursday, May 29, 2003 8:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] lshd / additional users on bering - su command

On Thursday 29 May 2003 09:25 am, Theodore Wynnychenko wrote:
> > any other ideas on login or su?
>
> As 'root', do:
> chmod +4111 /path/to/su
>
> If 'su' isn't run suid, then most likely /etc/shadow isn't
> being read because 'su' is running as your non-root user.
> --
> ~Lynn Avants
> Linux Embedded Appliance Firewall Developer
>
> -----------------
>
> ok, i tried chmod, still get the password incorrect reply from su.
>
> the output of "ls -l" of su didn't change after chmod. it is and was:
>
> ls -l
>
> -rwxr-xr-x 1 root root 9504 May 17 18:24
>
> this is what I see when logged in as the user (not root). if i read it
> correctly
> (without consulting my book), i think it should be executable by anybody,
> and is.

Yes, it is executable by anybody, but runs as the user calling it and can't read the necessary root-only readable files. You have to set the permissions for the binary to run as root (suid bit) regardless of the user calling it.

I told you only root could change the binary permissions ('> As 'root', do:'), so you're either going to have to login as root to fix this or modify your system so anyone with access under any reason can get all password information from your box.

This is a file-permissions 101 question, I gave you the correct information to fix it with last post...either you can use it or ignore it, I really don't care.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81

-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
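
Added example, not part of the original thread: a shell check for the two conditions the messages above turn on, whether su carries the setuid bit and is owned by root, and whether the shadow file has been left readable by every user. The function name `audit_su`, its optional owner-uid argument, the use of `stat -c` (GNU coreutils or BusyBox) and the stand-in files are assumptions made for this example.

```shell
#!/bin/sh
# audit_su SU_PATH SHADOW_PATH [OWNER_UID]
# Prints one finding per line. Returns 0 when clean, 1 on findings, 2 when a
# file cannot be inspected. OWNER_UID (hypothetical parameter) defaults to 0
# so that real use checks for root; the demo passes the current uid instead.
audit_su() {
    su_path=$1 shadow_path=$2 want_uid=${3:-0} rc=0
    su_mode=$(stat -c '%a' "$su_path") || return 2
    su_uid=$(stat -c '%u' "$su_path") || return 2
    sh_mode=$(stat -c '%a' "$shadow_path") || return 2

    # Octal 4000 is the setuid bit; without it su runs as the calling user.
    if [ $(( 0$su_mode & 04000 )) -eq 0 ]; then
        echo "FINDING: $su_path (mode $su_mode) is not setuid"; rc=1
    fi
    # A setuid binary runs as its owner, so that owner has to be root.
    if [ "$su_uid" -ne "$want_uid" ]; then
        echo "FINDING: $su_path owned by uid $su_uid, expected $want_uid"; rc=1
    fi
    # Octal 0004 is read-for-others: every local user could read the hashes.
    if [ $(( 0$sh_mode & 0004 )) -ne 0 ]; then
        echo "FINDING: $shadow_path (mode $sh_mode) is world-readable"; rc=1
    fi
    return $rc
}

# Demo on constructed stand-in files in a temp dir, not the real system files.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/su"; : > "$d/shadow"
    chmod 755 "$d/su"      # -rwxr-xr-x, as in the quoted ls -l output
    chmod 644 "$d/shadow"  # constructed: shadow opened up for reading
    echo "before:"; audit_su "$d/su" "$d/shadow" "$(id -u)" || true
    chmod 4755 "$d/su"     # what adding 4111 to mode 755 yields
    chmod 600 "$d/shadow"  # constructed: readable by owner only
    echo "after:"; status=0
    audit_su "$d/su" "$d/shadow" "$(id -u)" || status=$?
    rm -rf "$d"
    return $status
}
demo
```

On the system discussed in the thread the call would be `audit_su /usr/local/bin/su /etc/shadow`, run as root so that both files can be inspected.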