On Thursday 29 May 2003 10:11 am, Theodore Wynnychenko wrote:
> lynn-
>
> sorry, i wasn't ignoring anything.
>
> i guess i just didn't say it. but i did EXACTLY what you suggested.
>
> i logged in as ROOT (via lshd), and typed "chmod +411 /usr/local/bin/su"
>
> after this i logged out, went back to and reconnected, and logged back in
> as the user. trying "SU" gave me the same password error message.

It was "chmod +4111 /usr/local/bin/su", with 4 numerals...the prefix is the
suid/guid/sticky column.

> sorry for the misunderstanding. i don't want you to think that i was ignoring
> your advice, i wasn't. i guess my reply didn't make it clear that i had
> followed your suggestion to the letter, and that it didn't change the error
> message. that's when i went and looked at the /etc/shadow file and tried
> changing its permissions, and that's when the error message changed.

That is because the binary is running as your user, not 'root'.
You didn't say you tried this as 'root', but rather as a non-root user
that doesn't have permissions to change root/root owned files.
Su is owned by 'root/root' correct???

> so. to be clear. I logged in as ROOT. i entered "CHMOD +4111
> /usr/local/bin/su".
> i logged out. i logged back in as the user. i entered "su". i entered
> the root password. the error message was NOT CHANGED.
>
> so, then i changed read permission on /etc/shadow (as root)
>
> now, instead of getting an "su: incorrect password" error message, i get
> an "su: cannot set groups: Operation not permitted" error message.
>
> are you implying with your comments that the second error message is also
> indicative of a problem with the permissions under which su is running?
>
> i also didn't think about the issue of making the password file available
> to anyone that logs in. certainly, that is not a good idea. but "chmod
> +4111 /path/to/su"
> executed as root, did not change the error/problem.
>
> thanks for your - ted

Still indicates that the owner/permissions are wrong, otherwise
it would be able to read /etc/shadow and /etc/groups. Changing
permissions on /etc/shadow is a _big_ security risk.

Ok, the permissions for /bin/su on my box are:

    ls -al /bin/su
    -rwsr-xr-x 1 root root 22904 Apr 26 14:50 /bin/su

The "s" in the owner column is for 'suid', which the command I gave you sets.
Su _must_ run as root and w/o the suid bit set the command runs as
the user calling the binary.

I don't know what to say.... I've tried it on my machine and it works.
No problem with the time, I just want to see it work as well......

-- 
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81

------------------------------------------------------------------------
leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
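
The two checks discussed in this thread (su owned by root with the setuid bit set, and /etc/shadow not readable by everyone) as a small shell audit. This is an added example, not part of the original message or of LEAF; the function names and the script name suid_check.sh are hypothetical, and it assumes a stat that supports -L and -c (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the thread): audit su's owner/setuid bit and
# the read permission on the shadow file.
# Assumption: stat supports -L (follow symlinks) and -c FORMAT.

# check_suid_owner FILE [UID]
#   0 = owned by UID (default 0, root) and setuid bit set
#   1 = wrong owner, 2 = setuid bit missing, 3 = cannot stat
check_suid_owner() {
    info=$(stat -L -c '%a %u' "$1" 2>/dev/null) || {
        echo "$1: cannot stat"; return 3; }
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "${2:-0}" ]; then
        echo "$1: owned by uid $uid, expected ${2:-0}"; return 1
    fi
    # %a prints octal digits; the leading 0 makes the shell read them as octal.
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "$1: mode $mode has no setuid bit, so it runs as the caller"
        return 2
    fi
    echo "$1: mode $mode, uid $uid: setuid as expected"
}

# check_private FILE
#   0 = "other" has no read permission, 1 = world-readable, 3 = cannot stat
check_private() {
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || {
        echo "$1: cannot stat"; return 3; }
    if [ $(( 0$mode & 04 )) -ne 0 ]; then
        echo "$1: mode $mode is world-readable"; return 1
    fi
    echo "$1: mode $mode, not world-readable"
}

# Touch real paths only when asked to, e.g.:
#   sh suid_check.sh audit /usr/local/bin/su /etc/shadow
if [ "${1:-}" = audit ]; then
    check_suid_owner "${2:-/bin/su}"
    check_private "${3:-/etc/shadow}"
fi
```
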
