Re: [Scottish] Help with SU
Phillip Bennett wrote: > Apparently when the permissinos are set as : rwxr-xr-x root named 60480 > Apr 10 2006 /bin/su it's not a good thing. Because su needs suid permissions to be able to set the uid to the one you are wanting. > Thanks for all the help though. It has been a very weird problem. With > random permissions like this though, I think it might be time to rebuild. > Has anyone seen this type of thing before? Have you run some sort of hardening script that removes suid/guid bits from scripts/programs on your system (such as bastille?) - this will remove normal user functionality from programs such as ping etc. Running su under sudo would have worked fine as you were running su as root and not as you. ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
RE: [Scottish] Help with SU
Hi Kyle, Yes, I removed winbind from the nsswitch.conf. That was one of the first places I checked. I have found a post on another error I recieved and have found that something has reset the permissions on the su executable. I actually thought I'd have tried to su to another valid user, but evidently I hadn't. I thought I'd try it again today and I got another error (su: cannot set groups: Operation not permitted) Apparently when the permissinos are set as : rwxr-xr-x root named 60480 Apr 10 2006 /bin/su it's not a good thing. Goodness knows what the hell has happened, but I set the permissions back to: -rwsr-xr-x 1 root root 60480 Apr 10 2006 /bin/su And it's working again. Thanks for all the help though. It has been a very weird problem. With random permissions like this though, I think it might be time to rebuild. Has anyone seen this type of thing before? Phil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Gordon Sent: 30 March 2007 16:01 To: SLUG-list Subject: Re: [Scottish] Help with SU Have you removed winbindd from nsswitch.conf? Kyle Phillip Bennett wrote: > Colin, > > As much as it appears I'm an idiot, yes I have logged in on the > console successfully. I also changed the root password more than once > to make sure it was not 'forgotten'. > > Thanks so far, > Phil. > > PS: here is the su pam file for mark: > > #%PAM-1.0 > auth sufficient /lib/security/$ISA/pam_rootok.so > # Uncomment the following line to implicitly trust users in the "wheel" > group. > #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid > # Uncomment the following line to require a user to be in the "wheel" group. > #auth required /lib/security/$ISA/pam_wheel.so use_uid > auth required /lib/security/$ISA/pam_stack.so service=system-auth > accountrequired /lib/security/$ISA/pam_stack.so service=system-auth > password required /lib/security/$ISA/pam_stack.so service=system-auth > # pam_selinux.so close must be first session rule > sessionrequired /lib/security/$ISA/pam_selinux.so close > sessionrequired /lib/security/$ISA/pam_stack.so service=system-auth > # pam_selinux.so open and pam_xauth must be last two session rules > sessionrequired /lib/security/$ISA/pam_selinux.so open > sessionoptional /lib/security/$ISA/pam_xauth.so > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Colin > McKinnon > Sent: 30 March 2007 13:34 > To: [EMAIL PROTECTED]; SLUG-list > Subject: Re: [Scottish] Help with SU > > On Thursday 29 March 2007 14:47, Phillip Bennett wrote: > > >> However, now I can't su to root. It gives me a 'wrong password' error. >> Fortunately, I can still use 'sudo su -' to get root. >> >> > > What makes you think you've not just forgotten the password? Have you > tried logging in on the console? > > C. > > > ___ > Scottish mailing list > Scottish@mailman.lug.org.uk > https://mailman.lug.org.uk/mailman/listinfo/scottish > > > ___ > Scottish mailing list > Scottish@mailman.lug.org.uk > https://mailman.lug.org.uk/mailman/listinfo/scottish > > ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
Re: [Scottish] Help with SU
Have you removed winbindd from nsswitch.conf? Kyle Phillip Bennett wrote: Colin, As much as it appears I'm an idiot, yes I have logged in on the console successfully. I also changed the root password more than once to make sure it was not 'forgotten'. Thanks so far, Phil. PS: here is the su pam file for mark: #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/$ISA/pam_wheel.so use_uid auth required /lib/security/$ISA/pam_stack.so service=system-auth accountrequired /lib/security/$ISA/pam_stack.so service=system-auth password required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so close must be first session rule sessionrequired /lib/security/$ISA/pam_selinux.so close sessionrequired /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so open and pam_xauth must be last two session rules sessionrequired /lib/security/$ISA/pam_selinux.so open sessionoptional /lib/security/$ISA/pam_xauth.so -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin McKinnon Sent: 30 March 2007 13:34 To: [EMAIL PROTECTED]; SLUG-list Subject: Re: [Scottish] Help with SU On Thursday 29 March 2007 14:47, Phillip Bennett wrote: However, now I can't su to root. It gives me a 'wrong password' error. Fortunately, I can still use 'sudo su -' to get root. What makes you think you've not just forgotten the password? Have you tried logging in on the console? C. ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
RE: [Scottish] Help with SU
Colin, As much as it appears I'm an idiot, yes I have logged in on the console successfully. I also changed the root password more than once to make sure it was not 'forgotten'. Thanks so far, Phil. PS: here is the su pam file for mark: #%PAM-1.0 auth sufficient /lib/security/$ISA/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/$ISA/pam_wheel.so use_uid auth required /lib/security/$ISA/pam_stack.so service=system-auth accountrequired /lib/security/$ISA/pam_stack.so service=system-auth password required /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so close must be first session rule sessionrequired /lib/security/$ISA/pam_selinux.so close sessionrequired /lib/security/$ISA/pam_stack.so service=system-auth # pam_selinux.so open and pam_xauth must be last two session rules sessionrequired /lib/security/$ISA/pam_selinux.so open sessionoptional /lib/security/$ISA/pam_xauth.so -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin McKinnon Sent: 30 March 2007 13:34 To: [EMAIL PROTECTED]; SLUG-list Subject: Re: [Scottish] Help with SU On Thursday 29 March 2007 14:47, Phillip Bennett wrote: > > However, now I can't su to root. It gives me a 'wrong password' error. > Fortunately, I can still use 'sudo su -' to get root. > What makes you think you've not just forgotten the password? Have you tried logging in on the console? C. ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
Re: [Scottish] Help with SU
On Thursday 29 March 2007 14:47, Phillip Bennett wrote: > > However, now I can't su to root. It gives me a 'wrong password' error. > Fortunately, I can still use 'sudo su -' to get root. > What makes you think you've not just forgotten the password? Have you tried logging in on the console? C. ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
RE: [Scottish] Help with SU
Hi Colin, Yep. Did that. Then again, very slowly. And then with just my left hand while facing North and singing Kumbaya. No use so far. Glad you mentioned it though. Phil. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin Shorts Sent: 30 March 2007 01:18 To: [EMAIL PROTECTED]; SLUG-list Subject: Re: [Scottish] Help with SU -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not one to overlook the obvious, but... have you tried resetting the root password yet? Colin Phillip Bennett wrote: > Hi all, > > I've had a server of mine set up for a while now and had added it to > the ADS domain here so it could authenticate from there. All was > successful, until I changed the internal DNS here recently (BIND). > Basically it stuffed the ADS relationship from the hostname change (as > far as I can tell). I removed the winbind daemon and stopped it > trying to authenticate throught the AD domain. Also, I removed it from the ADS domain. > > However, now I can't su to root. It gives me a 'wrong password' error. > Fortunately, I can still use 'sudo su -' to get root. > > Can anyone shed any light on why this would happen? Or at least where > to look? I've checked the PAM files and the nsswitch.conf. There's > nothing in any of the logs (messages, secure etc..) I'm completely > stumped. I thought I knew how logging in worked, but I guess I've > missed something fairly important. > > Any and all help appreciated. > > Thanks, > Phil. > > > ___ > Scottish mailing list > Scottish@mailman.lug.org.uk > https://mailman.lug.org.uk/mailman/listinfo/scottish > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGDFct2FUq0eKXklARAv6jAKCh2Ap/RnQYxfwN2qp0vcdUxVLsHwCg0OBm tJOu9hCjCii9jsVdHYhNwsc= =IG4p -END PGP SIGNATURE- ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
Re: [Scottish] Help with SU
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not one to overlook the obvious, but... have you tried resetting the root password yet? Colin Phillip Bennett wrote: > Hi all, > > I've had a server of mine set up for a while now and had added it to the ADS > domain here so it could authenticate from there. All was successful, until > I changed the internal DNS here recently (BIND). Basically it stuffed the > ADS relationship from the hostname change (as far as I can tell). I removed > the winbind daemon and stopped it trying to authenticate throught the AD > domain. Also, I removed it from the ADS domain. > > However, now I can't su to root. It gives me a 'wrong password' error. > Fortunately, I can still use 'sudo su -' to get root. > > Can anyone shed any light on why this would happen? Or at least where to > look? I've checked the PAM files and the nsswitch.conf. There's nothing in > any of the logs (messages, secure etc..) I'm completely stumped. I thought > I knew how logging in worked, but I guess I've missed something fairly > important. > > Any and all help appreciated. > > Thanks, > Phil. > > > ___ > Scottish mailing list > Scottish@mailman.lug.org.uk > https://mailman.lug.org.uk/mailman/listinfo/scottish > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGDFct2FUq0eKXklARAv6jAKCh2Ap/RnQYxfwN2qp0vcdUxVLsHwCg0OBm tJOu9hCjCii9jsVdHYhNwsc= =IG4p -END PGP SIGNATURE- ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
[Scottish] Help with SU
Hi all, I've had a server of mine set up for a while now and had added it to the ADS domain here so it could authenticate from there. All was successful, until I changed the internal DNS here recently (BIND). Basically it stuffed the ADS relationship from the hostname change (as far as I can tell). I removed the winbind daemon and stopped it trying to authenticate throught the AD domain. Also, I removed it from the ADS domain. However, now I can't su to root. It gives me a 'wrong password' error. Fortunately, I can still use 'sudo su -' to get root. Can anyone shed any light on why this would happen? Or at least where to look? I've checked the PAM files and the nsswitch.conf. There's nothing in any of the logs (messages, secure etc..) I'm completely stumped. I thought I knew how logging in worked, but I guess I've missed something fairly important. Any and all help appreciated. Thanks, Phil. ___ Scottish mailing list Scottish@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/scottish
