LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 02-04-2001, 11:12 PM   #1
nelsonyuen
LQ Newbie
 
Registered: Feb 2001
Posts: 4

Rep: Reputation: 0
Unhappy


Dear Sir,

I am using SUSE linux and I encountered a problem on changing user right to root by "su -" command. After entering the password, it displayed an error message, "su: cannot set groups: Operation not permitted". This error had not encountered in the past and now I just can logon as root at boot up time.

Please advise.

I look forward to see your reply.

Thanks and regards,

Nelson Yuen
 
Old 02-04-2001, 11:30 PM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,623

Rep: Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657
I would make sure that the su binary is suid root. Then make sure that /etc/passwd and /etc/group are both world readable. If everything checks out I would run an strace on su. It may be looking for a library that no longer exists.
 
Old 02-04-2001, 11:46 PM   #3
nelsonyuen
LQ Newbie
 
Registered: Feb 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for you quick reply.

I made sure that /etc/group and /etc/passwd are world readable, but how can I sure the su is suid root?
I used the strace su command and got the follow result at the tail.

----------------------------------------------------------
igaction(SIGPIPE, {0x400eef30, [], 0x4000000}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sin_family=AF_UNIX, path=" /dev/log"}, 16) = 0
send(3, "<37>Feb 10 04:25:27 su: (to root"..., 51, 0) = 51
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
open("/etc/group", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=667, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40152000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 667
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40152000, 4096) = 0
setgroups(7, [0, 1, 14, 15, 16, 17, 65534]) = -1 EPERM (Operation not permitted)
open("/usr/share/locale/en_US/LC_MESSAGES/sh-utils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sh-utils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "su: ", 4su: ) = 4
write(2, "cannot set groups", 17cannot set groups) = 17
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
) = 1
_exit(1) = ?

-----------------------------------------------------
Then what can I do?
Please advise.
 
Old 02-04-2001, 11:51 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,623

Rep: Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657
If you do an ls -l on su you should see:
Quote:
-rwsr-xr-x
 
Old 02-05-2001, 01:08 AM   #5
nelsonyuen
LQ Newbie
 
Registered: Feb 2001
Posts: 4

Original Poster
Rep: Reputation: 0
It shows rwxr-xr-x, should I change to mode? How?
 
Old 02-05-2001, 07:44 AM   #6
chay
LQ Newbie
 
Registered: Jan 2001
Location: Santiago, Chile
Posts: 21

Rep: Reputation: 15
chmod +s

chmod +s being root
you could chose chmod [ugo]+s where u = user, g = group,
o = others ...
if you want to use "group" and user ... chmod ug+s <program>
 
Old 02-05-2001, 09:20 PM   #7
nelsonyuen
LQ Newbie
 
Registered: Feb 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Thumbs up

Oh thanks a lot. it works now.
but why will it change the mode suddenly? Is the suse not stable?
 
Old 02-06-2001, 07:34 AM   #8
chay
LQ Newbie
 
Registered: Jan 2001
Location: Santiago, Chile
Posts: 21

Rep: Reputation: 15
Wink don't worry

Don't worry, "su" may be or may be not be executed from users, this (AFAIK) is a security issue. For example, in my old job no other user than root can do "su" ... it was some kind of paranoia, but that has nothing to do with stability of the system ...
(every program with "set uid" root is potencialy dangerous, but if the machine is yours, not setting set uid root to "su" could be very annoying :-)

I think that suse is a great distrubution ...
 
Old 10-16-2009, 10:47 PM   #9
Maniraj Patri
LQ Newbie
 
Registered: Oct 2009
Posts: 1

Rep: Reputation: 0
Worked for me

Great answer. Thanks a lot.
 
Old 10-17-2009, 07:23 AM   #10
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
Kicking a thread that's more than 8.5 years old, just to say thanks

But OK, nice to see that jeremy actually did assist in solving problems in the old days
 
Old 10-17-2009, 12:43 PM   #11
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,623

Rep: Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657
Wim Sturkenboom, I still do - just not quite as much as when LQ started (and I was one of the only members answering threads).

--jeremy
 
Old 10-18-2009, 02:55 AM   #12
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
I assume you do; probably not as much in the sections that I visit. To be honest, it was the first time in my 4 year history with LQ that I saw your name, so that caught the attention.

And just in case, it was not intended as an offence
 
Old 10-18-2009, 11:53 AM   #13
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,623

Rep: Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657Reputation: 2657
None taken

--jeremy
 
Old 01-14-2010, 04:18 PM   #14
mitchloft
LQ Newbie
 
Registered: Mar 2005
Location: Chicago area
Distribution: Fedora Core
Posts: 8

Rep: Reputation: 0
One other way....

You can also set the SETUID on su by entering: chmod 4755 /bin/su as root. I never got used to those "+" changes...
 
Old 07-31-2010, 01:24 PM   #15
ksulli10
LQ Newbie
 
Registered: Jul 2010
Posts: 1

Rep: Reputation: 0
this was incredibly helpful! registered just to say thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Telling people to use "Google," to "RTFM," or "Use the search feature" Ausar General 77 03-21-2010 12:26 PM
"Xlib: extension "XFree86-DRI" missing on display ":0.0"." zaps Linux - Games 9 05-14-2007 04:07 PM
How to set the size of icons for "Starterbar" in "Gdekslets" Blue Jacket Linux - Software 4 11-23-2005 03:42 AM
"mythtv-setup" giving "Session management error: Authentication Rejected" Mitchua Ubuntu 0 10-09-2005 05:32 PM
FC4 install errors, "diabling IRQ #10" "nobody cares" error message??? A6Quattro Fedora 6 07-20-2005 01:49 PM


All times are GMT -5. The time now is 02:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration