Dear Sir,

I am using SUSE linux and I encountered a problem on changing user right to root by "su -" command. After entering the password, it displayed an error message, "su: cannot set groups: Operation not permitted". This error had not encountered in the past and now I just can logon as root at boot up time.

Please advise.

I look forward to see your reply.

Thanks and regards,

Nelson Yuen

I would make sure that the su binary is suid root. Then make sure that /etc/passwd and /etc/group are both world readable. If everything checks out I would run an strace on su. It may be looking for a library that no longer exists.

Thanks for you quick reply.

I made sure that /etc/group and /etc/passwd are world readable, but how can I sure the su is suid root?
I used the strace su command and got the follow result at the tail.

----------------------------------------------------------
igaction(SIGPIPE, {0x400eef30, [], 0x4000000}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sin_family=AF_UNIX, path=" /dev/log"}, 16) = 0
send(3, "<37>Feb 10 04:25:27 su: (to root"..., 51, 0) = 51
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
open("/etc/group", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=667, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40152000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 667
read(3, "", 4096) = 0
close(3) = 0
munmap(0x40152000, 4096) = 0
setgroups(7, [0, 1, 14, 15, 16, 17, 65534]) = -1 EPERM (Operation not permitted)
open("/usr/share/locale/en_US/LC_MESSAGES/sh-utils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/sh-utils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "su: ", 4su: ) = 4
write(2, "cannot set groups", 17cannot set groups) = 17
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
) = 1
_exit(1) = ?

-----------------------------------------------------
Then what can I do?
Please advise.

If you do an ls -l on su you should see:

It shows rwxr-xr-x, should I change to mode? How?

chmod +s being root
you could chose chmod [ugo]+s where u = user, g = group,
o = others ...
if you want to use "group" and user ... chmod ug+s <program>

Oh thanks a lot. it works now.
but why will it change the mode suddenly? Is the suse not stable?

Don't worry, "su" may be or may be not be executed from users, this (AFAIK) is a security issue. For example, in my old job no other user than root can do "su" ... it was some kind of paranoia, but that has nothing to do with stability of the system ...
(every program with "set uid" root is potencialy dangerous, but if the machine is yours, not setting set uid root to "su" could be very annoying :-)

I think that suse is a great distrubution ...

Great answer. Thanks a lot.

Kicking a thread that's more than 8.5 years old, just to say thanks

But OK, nice to see that jeremy actually did assist in solving problems in the old days

Wim Sturkenboom, I still do - just not quite as much as when LQ started (and I was one of the only members answering threads).

--jeremy

I assume you do; probably not as much in the sections that I visit. To be honest, it was the first time in my 4 year history with LQ that I saw your name, so that caught the attention.

And just in case, it was not intended as an offence

None taken

--jeremy

You can also set the SETUID on su by entering: chmod 4755 /bin/su as root. I never got used to those "+" changes...

this was incredibly helpful! registered just to say thanks.