LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 05-25-2005, 10:26 AM   #1
Jukas
Member
 
Registered: Mar 2005
Posts: 141

Rep: Reputation: 15
How did I pooch SU?


I was trying to make my box more secure, and was trying to set it so that only certain users could access the SU utility.

I created a group called wheel, and put only root and my login in that group. Then as root I did a
Quote:
chown root.wheel su
and then
Quote:
chmod 750 su
to allow owner and group to execute it.

I tested it on an account not in the wheel group and login failed, but when I tried to su via my account (which is in the wheel group) I also couldn't log in. This is what I'm seeing in my logs

Quote:
May 24 16:28:20 nix su[4337]: (pam_unix) authentication failure; logname=jchieppa uid=1000 euid=1000 tty=tty1 ruser=jchieppa rhost= user=root
May 24 16:28:22 nix su[4337]: pam_authenticate: Authentication failure

May 25 08:20:10 nix su[5809]: (pam_unix) authentication failure; logname=jchieppa uid=1000 euid=1000 tty=pts/1 ruser=jchieppa rhost= user=root
May 25 08:20:11 nix su[5809]: pam_authenticate: Authentication failure
May 25 08:20:11 nix su[5809]: - pts/1 jchieppa:root
So I figured I'd undo the changes and did a
Quote:
chown root:root su
and
Quote:
chmod 755 su
but I still can't su via SSH and still see the same errors in my auth logs.

Any idea what went wrong and how to fix it?
 
Old 05-25-2005, 12:46 PM   #2
makuyl
Senior Member
 
Registered: Dec 2004
Location: Helsinki
Distribution: Debian Sid
Posts: 1,107

Rep: Reputation: 54
You removed the suid bit from su. You can put it back with: chmod 4755 /bin/su
 
Old 05-25-2005, 01:36 PM   #3
Jukas
Member
 
Registered: Mar 2005
Posts: 141

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by makuyl
You removed the suid bit from su. You can put it back with: chmod 4755 /bin/su
Thanks, that was exactly it. To let my inexperience really shine, what is the s flag for in the ls -l listing? It's what was causing the problem, and I'd like to understand what it is, what it does and why it's needed.

nix:/bin# ls su -l
-rwsr-x--- 1 root wheel 23416 2005-05-17 23:33 su
 
Old 05-25-2005, 02:59 PM   #4
makuyl
Senior Member
 
Registered: Dec 2004
Location: Helsinki
Distribution: Debian Sid
Posts: 1,107

Rep: Reputation: 54
Since there's a wiki here: http://wiki.linuxquestions.org/wiki/Suid
Basically it runs the command as if it was run by the file's owner. Hope that makes any sense. Well, at least the link does
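
Added example, not part of the thread: the chmod sequence discussed above replayed on a scratch file, showing that the three-digit modes 750 and 755 drop the setuid bit while 4750 keeps both the wheel-only restriction and the `s` flag. The function names `perm_string`, `has_setuid` and `mode_after` are hypothetical helpers, and nothing here touches the real /bin/su.

```shell
#!/bin/sh
# Added example: replay the thread's chmod sequence on a scratch file.
# Helper names are hypothetical; the real /bin/su is never touched.

# Print the 10-character mode column that `ls -l` shows for a file.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 if the owner-execute slot shows "s" (setuid + execute), else 1.
has_setuid() {
    case "$(perm_string "$1")" in
        ???s*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Start a scratch file at 4755 (the mode restored in post #2),
# apply the given numeric mode, and print the resulting mode column.
mode_after() {
    scratch=$(mktemp) || return 1
    chmod 4755 "$scratch"
    chmod "$1" "$scratch"
    perm_string "$scratch"
    rm -f "$scratch"
}

echo "mode 4755 (setuid, world-executable) -> $(mode_after 4755)"
echo "chmod 750  (setuid lost)             -> $(mode_after 750)"
echo "chmod 755  (setuid still lost)       -> $(mode_after 755)"
echo "chmod 4750 (setuid, wheel-only)      -> $(mode_after 4750)"
```

The last line matches the `-rwsr-x---` listing in post #3: the leading 4 is the setuid bit, and the trailing 750 keeps execution limited to the owner and the wheel group.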
 
  

