Bringing this here now that Scott Andrews has pointed me towards the source of why users could not su on my new system: loss of suid.
In the past I have not usually run what was in 'Stripping Again' because my CFLAGS drop debug information. But I've now started to allow that in elfutils (to get the tests to pass), so I know that at least those libs could be stripped. What has happened on this build is that all of the bin programs lost the suid bit, i.e. /bin/{mount,ping,ping6,su,umount} /usr/bin/{chage,chfn,chsh,expiry,gpasswd,newgidmap}} /usr/bin/{newgidmap,newgrp,newuidmap,passwd,wall} Since nobody else has reported this for the moment, I'm merely reporting iti, not attempting to fix the book. In my own script for Stripping Again I've now added chmod -v 4755 /bin/{mount,ping,ping6,su,umount} chmod -v 4755 /usr/bin/{chage,chfn,chsh,expiry,gpasswd} chmod -v 4755 /usr/bin/{newgidmap,newgrp,newuidmap,passwd} chmod -v 6755 /usr/bin/wall Which should ensure that all the suid binaries are correct after stripping. ĸen -- He died at the console, of hunger and thirst. Next day he was buried, face-down, nine-edge first. - the perfect programmer -- http://lists.linuxfromscratch.org/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page