Can't SU ROOT in terminal

lhoff · 03-14-2002, 09:41 PM

When I try to become superuser root, I get the error
File Size limit exceeded

and am then dumped back to the command line as my regular user ID.

What gives?

isajera · 03-15-2002, 12:51 AM

Quote:

Originally posted by lhoff

What gives?

good question. that's a really weird error to get on su. what command are you using, exactly? whenever i go to root, i just type

su
*password*

and that's it.

Mik · 03-15-2002, 02:26 AM

It's probably something to do with ulimit. Maybe it's reached the maximum limit so it can't write to the log files anymore. But I thought the ulimit couldn't be set for the user root. I can't find anything about that in the man pages though so maybe it is possible. Try ulimit -a to see what all your limits are set to.

lhoff · 03-15-2002, 09:05 AM

Quote:

Originally posted by Mik
Try ulimit -a to see what all your limits are set to.

ulimit -a
core file size (blocks) 0
data seg size (kbytes) unlimited
file size (blocks) 100000
max locked memory (kbytes) unlimited
max memory size (kbytes) unlimited
open files 1024
pipe size (512 bytes) 8
stack size (kbytes) unlimited
cpu time (seconds) unlimited
max user processes 256
virtual memory (kbytes) unlimited

Nothing really obvious sticks out to me: do you see something?

Thanks!

Sixpax · 03-15-2002, 09:31 AM

Are you able to login as root from a console?

lhoff · 03-15-2002, 09:44 AM

Yes, fortunately.

But, I can't login as the superuser in an X terminal. This is seriously cramping my style!

Thanks!

Sixpax · 03-15-2002, 09:54 AM

What happens when you do the following:

1) su

2) su -

3) su -c "date"

4) su - -c "date"

5) su - -s /bin/ksh (if you have ksh installed)

Mik · 03-15-2002, 10:09 AM

Well syslogd most likely gets run as root so if that is root's ulimit then that would only happen if one of your log files is larger then a 100MB. But most likely you rotate your log files anyways so they would never get that big.
I don't know what else it could be, do your log files maybe give some more detailed info?

lhoff · 03-15-2002, 10:41 AM

1) su
Gives me the password prompt. If I enter the password for root, it says "File size limit exceeded" and drops me back to the command prompt as regular user.

2) su -
Same as above.

3) su -c "date"
Same.

4) su - -c "date"
Same.

5) su - -s /bin/ksh (if you have ksh installed)
Same.

isajera · 03-15-2002, 01:10 PM

ok... i think i've found something. it has to do with the core file size...

i was reading about a old hacking method where a user would crash a program with root privledges, and use the core file output to gain root access. to prevent this, core file size is set to 0. i'm not sure about how secure it is to do this, but if you're not on a security critical system, try setting the core file size to 1024 or something, and see if that works.

i'll keep looking to see if i can find anything else.

lhoff · 03-15-2002, 01:47 PM

Okay, this is getting wierd:

I don't know how to change the core file size, so I did man ulimit to learn how and got

<standard input>:15: can't open `bash.1': No such file or directory

followed by a man page for BASH_BUILTINS (1)

Am I missing something critical here? And, since I can't get a man page, how do I change the core file size?

Sixpax · 03-15-2002, 02:30 PM

Wow! It almost seems like a problem with the bash shell. I thought the "su - -s /bin/ksh" would check to see if a different shell would work, but now I'm wondering if it still goes through a bash shell before it invokes the korn shell. If it is bash, I don't understand why you can login from a console as root.

Do you have any problem su'ing to a generic user (who also uses bash)?

lhoff · 03-15-2002, 03:24 PM

Hhhhmmmmm....

I can su as another user. But, when I type exit, the following happens:

exit
Bus error

and I get back to the command prompt as myself. After that, su sameuserasbefore responds just like root:

File size limit exceeded

and doesn't let me become the superuser. At this rate, I'll rapidly confine myself to my own identity only.

Curiouser and curiouser...

isajera · 03-15-2002, 03:37 PM

well... i don't have a solution, but i definitely admire the problem...

i sent a few messages to our mods in the security forum, so they should take a look at this thread as soon as they pop in. this is a pretty curious problem, so i'll keep looking around. let us know if you discover anything else.

lhoff · 03-15-2002, 03:51 PM

My /etc/security/limits.conf contains the following:

#End of file
#prevent core dumps
* hard core 0

#limit size of any one of users' files to 100MB
* hard fsize 100000

Would either one of these be the culprit? (This file was touched by my Firewall configuration tool yesterday, so I'm following it as a lead...)