LinuxQuestions.org - su authentication failure without password prompt

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - su authentication failure without password prompt (https://www.linuxquestions.org/questions/linux-security-4/su-authentication-failure-without-password-prompt-855587/)

su authentication failure without password prompt

Hi,

I have a strange behaviour on a Slackware 13.1 box:

Code:

user@host$ su

su: Authentication failure

user@host$

Note that there is no password prompt.

When I 'strace su' there is a password prompt, but using su over strace results in an authentication failure anyway.

Using su as root works fine:

Code:

root@host# su user

user@host$

Normal logins and ssh work fine, too.

I am a little lost at where to start. Any ideas would be greatly appreciated.

Regards,
fbmd

Please confirm setuid bit is set for the command su.

Quote:

Originally Posted by arunpmenon (Post 4220512)

Please confirm setuid bit is set for the command su.

Code:

root@host# ls -l /bin/su

-rws--x--x 1 root root 56229 2010-02-28 20:16 /bin/su

Confirmed. :)

What about /etc/login.defs and related files? Any changes made to them?
Another thought - check aliases - I messed things sometimes there :).

Another place to have a look at could be /etc/pam.d/su whether there is anything used like pam_wheel.so while the user in question not being a member of group wheel. In your first example you are trying to gain root access - is an su for a normal user working in case he wants just to switch to another ordinary user?

Quote:

Originally Posted by SilverBack (Post 4220734)

What about /etc/login.defs and related files? Any changes made to them?

No changes made. Active settings in /etc/login.defs:

Code:

CHFN_AUTH                yes

CHFN_RESTRICT                frwh

CONSOLE                /etc/securetty

CONSOLE_GROUPS                floppy:audio:cdrom:video

DEFAULT_HOME        yes

ENVIRON_FILE        /etc/environment

ENV_HZ                HZ=100

ENV_PATH        PATH=/usr/local/bin:/bin:/usr/bin

ENV_SUPATH        PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin

ERASECHAR        0177

FAILLOG_ENAB                yes

FAIL_DELAY                3

FTMP_FILE        /var/log/btmp

GID_MAX                        60000

GID_MIN                          100

HUSHLOGIN_FILE        .hushlogin

KILLCHAR        025

LASTLOG_ENAB                yes

LOGIN_RETRIES                5

LOGIN_TIMEOUT                60

LOG_OK_LOGINS                no

LOG_UNKFAIL_ENAB        no

MAIL_CHECK_ENAB                yes

MAIL_DIR        /var/spool/mail

MD5_CRYPT_ENAB        yes

MOTD_FILE        /etc/motd

NOLOGINS_FILE        /etc/nologin

OBSCURE_CHECKS_ENAB        yes

PASS_ALWAYS_WARN        yes

PASS_CHANGE_TRIES        5

PASS_MAX_DAYS        99999

PASS_MIN_DAYS        0

PASS_MIN_LEN        5

PASS_WARN_AGE        7

PORTTIME_CHECKS_ENAB        yes

QUOTAS_ENAB                yes

SU_NAME                su

SU_WHEEL_ONLY        no

SYSLOG_SG_ENAB                yes

SYSLOG_SU_ENAB                yes

TTYGROUP        tty

TTYPERM                0620

UID_MAX                        60000

UID_MIN                        1000

UMASK                022

USERGROUPS_ENAB yes

The user in question has UID 1000. GID of "users" is 100.

Quote:

Originally Posted by Reuti (Post 4221516)

Another place to have a look at could be /etc/pam.d/su whether there is anything used like pam_wheel.so while the user in question not being a member of group wheel.

The system is not using pam, i.e. there is no /etc/pam.d.

Quote:

Originally Posted by Reuti (Post 4221516)

In your first example you are trying to gain root access - is an su for a normal user working in case he wants just to switch to another ordinary user?

No, it's the same: authentication failure whithot a password prompt.

I have just tried the following: I added the user to the "wheel" group. Then I changed ownership of /bin/su to root.wheel. That obviously removed the SUID bit:

Code:

$ ls -l /bin/su

-rwx--x--x 1 root wheel 56229 2010-02-28 20:16 /bin/su

But running su now at least gives a password prompt, but still fails, no matter what the password:

Code:

user@host$ su

Password: 

su: Authentication failure

user@host$

The same when trying to change to another user.

I'd still be grateful for any other hints.

fbmd

Was there ever any resolution to this issue?

Cause I'm having the same problem and I haven't quite figured it out myself either.

Guess this is all that we can do here. What I think we should do next is boot up with a live medium and then edit the /etc/passwd and /etc/shadow and see if that helps. This is the only thing I can think of now really.
If you need any more info please post back.
BTW sorry for the delay I was out for a long long time and did not have access to the internet.
Hope this helps.

Hmmm, unfortunately I am on a VPS and cannot perform that step :-( I'm actually trying to update (or downgrade) my udev libraries to see if its something related to that as it was hinted at in an Ubuntu post I have lost at the moment. If you can think of anything else please let me know!

Are you using PAM? As there is the option to block users without a password, and you would get exactly the mentioned behavior of the first post:

Code:

auth required pam_unix2.so nullok

without nullok and empty password.

I am not using PAM. I'm trying to su to a user with a password (ie my root account). I know it has a password because I can login with it.

Set root password first

You probably have not set your root password yet.
Set your password by:

sudo passwd

Then, you won't have that problem again.

Sir_MBA. Please read the thread above.

I know, the thing that I mean is not your login password.
You just try 'sudo passwd', and set a password, and then 'su' again.

Quote:

Originally Posted by Sir_mba (Post 4820153)

I know, the thing that I mean is not your login password.
You just try 'sudo passwd', and set a password, and then 'su' again.

So which password are you referring to?