LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-13-2008, 10:44 AM   #1
mfb
LQ Newbie
 
Registered: Aug 2007
Posts: 20

Rep: Reputation: 0
su: cannot set groups: Operation not permitted


I am running RedHat Enterprise version 4 (2.6.9-67). When I run the command "su -" from an regular user who is a secondary member of the wheel group I get the following error "su: cannot set groups: Operation not permitted" after entering the root password.

The permissions for /bin/su are at rwsr_xr_x.

These are the pam files "su" and "sys-auth"

#%PAM-1.0
auth sufficient /lib/security/$ISA/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required /lib/security/$ISA/pam_wheel.so use_uid
auth required /lib/security/$ISA/pam_stack.so service=system-auth
account sufficient /lib/security/$ISA/pam_succeed_if.so uid=0 use_uid quiet
account required /lib/security/$ISA/pam_stack.so service=system-auth
password required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so close must be first session rule
session required /lib/security/$ISA/pam_selinux.so close
session required /lib/security/$ISA/pam_stack.so service=system-auth
# pam_selinux.so open and pam_xauth must be last two session rules
session required /lib/security/$ISA/pam_selinux.so open
session optional /lib/security/$ISA/pam_xauth.so



#######################################################################
sys-auth


#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 lcredit=-2 dcredit=-2 ocredit=-2 ucredit=-2
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset

account sufficient /lib/security/$ISA/pam_unix.so nullok use_athtok md5 shadow remember=5


Not sure what I am missing if need be I will supply an strace output but I didn't gleam anything from it but that doesn't mean too much. I'm not sure what to look for in the output.

Thanks in advance
 
Old 02-14-2008, 04:39 AM   #2
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 16
what happens if you go :-

newgrp wheel
su -

It might give you a better idea whats happening if you go:-
strace su -
 
Old 02-14-2008, 06:37 AM   #3
mfb
LQ Newbie
 
Registered: Aug 2007
Posts: 20

Original Poster
Rep: Reputation: 0
The group wheel already does exist.
The strace command gives alot of info but not sure what I am looking for.
 
Old 02-14-2008, 07:46 AM   #4
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 16
newgrp doesnt create the group - it switches the user to that group as its primary one.

If you try strace -o /root/dump.txt su -

You can paste the results from /root/dump.txt here.
 
Old 02-14-2008, 08:54 AM   #5
mfb
LQ Newbie
 
Registered: Aug 2007
Posts: 20

Original Poster
Rep: Reputation: 0
The newgrp command did not work as far as allowing me to su -
Let me give you some more info I am running a set of scripts to security harden this workstation. I ran through each script individualy this morning and was able to su - , but after a reboot I receive the error message "su: incorrect password". I am using the correct password for thr root account. I thank you for taking a look at the trace file it is a little overwelming for me.

also here is the error from /var/log/messages
su(pam_unix)[6451] authentication failure; logname=root uid=4097 euid=4097 tty=pts/7 ruser=mfbb rhost= user=root
strace output to large for this reply will attach it to another reply
 
Old 02-14-2008, 08:56 AM   #6
mfb
LQ Newbie
 
Registered: Aug 2007
Posts: 20

Original Poster
Rep: Reputation: 0
I need to cut the size of the strace output any suggestions as to where to cut?
 
Old 02-14-2008, 09:24 AM   #7
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 16
The last few lines should probably be OK.
 
Old 02-14-2008, 09:25 AM   #8
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 16
You could consider using sudo instead of su - if its a series of automated scripts.
 
Old 02-14-2008, 09:46 AM   #9
mfb
LQ Newbie
 
Registered: Aug 2007
Posts: 20

Original Poster
Rep: Reputation: 0
getuid() = 4097
open("/etc/passwd", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1450, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1450
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/group", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=608, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 608
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
stat("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/system-auth", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=820, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 820
open("/lib/security/$ISA/pam_env.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/../../lib64/security/pam_env.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\16\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=12624, ...}) = 0
mmap(NULL, 1059376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a995bb000
mprotect(0x2a995be000, 1047088, PROT_NONE) = 0
mmap(0x2a996bd000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x2a996bd000
close(4) = 0
open("/lib/security/$ISA/pam_unix.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/../../lib64/security/pam_unix.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00008\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=54576, ...}) = 0
mmap(NULL, 1150792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a996be000
mprotect(0x2a996cb000, 1097544, PROT_NONE) = 0
mmap(0x2a997ca000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xc000) = 0x2a997ca000
mmap(0x2a997cb000, 48968, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a997cb000
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=150624, ...}) = 0
mmap(NULL, 150624, PROT_READ, MAP_PRIVATE, 4, 0) = 0x2a997d7000
close(4) = 0
open("/lib64/libnsl.so.1", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`MP\340>\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=114976, ...}) = 0
mmap(NULL, 1145936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a997fc000
mprotect(0x2a99811000, 1059920, PROT_NONE) = 0
mmap(0x2a99910000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x14000) = 0x2a99910000
mmap(0x2a99912000, 7248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a99912000
close(4) = 0
mprotect(0x2a99910000, 4096, PROT_READ) = 0
munmap(0x2a997d7000, 150624) = 0
open("/lib/security/$ISA/pam_deny.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/$ISA/pam_succeed_if.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/$ISA/pam_permit.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/../../lib64/security/pam_permit.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\7\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=4968, ...}) = 0
mmap(NULL, 1051728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a99914000
mprotect(0x2a99915000, 1047632, PROT_NONE) = 0
mmap(0x2a99a14000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0) = 0x2a99a14000
close(4) = 0
open("/lib/security/$ISA/pam_cracklib.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/../../lib64/security/pam_cracklib.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\17\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=13960, ...}) = 0
mmap(NULL, 1077120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a99a15000
mprotect(0x2a99a18000, 1064832, PROT_NONE) = 0
mmap(0x2a99b17000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x2a99b17000
mmap(0x2a99b18000, 16256, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a99b18000
close(4) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=150624, ...}) = 0
mmap(NULL, 150624, PROT_READ, MAP_PRIVATE, 4, 0) = 0x2a99b1c000
close(4) = 0
open("/usr/lib64/libcrack.so.2", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20:0\330>\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=40736, ...}) = 0
mmap(NULL, 1100320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a99b41000
mprotect(0x2a99b49000, 1067552, PROT_NONE) = 0
mmap(0x2a99c49000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x8000) = 0x2a99c49000
mmap(0x2a99c4a000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a99c4a000
close(4) = 0
munmap(0x2a99b1c000, 150624) = 0
open("/lib/security/$ISA/pam_limits.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/security/../../lib64/security/pam_limits.so", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\27\0\0\0\0\0\0"..., 832) = 832
fstat(4, {st_mode=S_IFREG|0755, st_size=20824, ...}) = 0
mmap(NULL, 1067848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2a99c4e000
mprotect(0x2a99c53000, 1047368, PROT_NONE) = 0
mmap(0x2a99d52000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x4000) = 0x2a99d52000
close(4) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
open("/etc/pam.d/other", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=230, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "#%PAM-1.0\nauth required "..., 4096) = 230
read(3, "", 4096) = 0
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
getuid() = 4097
open("/etc/passwd", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1450, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1450
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT TSTP], [], 8) = 0
ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon -echo ...}) = 0
write(2, "Password: ", 10) = 10
read(0, "rootroot\n", 511) = 9
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
write(2, "\n", 1) = 1
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1450, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1450
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
geteuid() = 4097
pipe([3, 4]) = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95df6770) = 6102
write(4, "rootroot\0", 9) = 9
close(3) = 0
close(4) = 0
wait4(6102, [{WIFEXITED(s) && WEXITSTATUS(s) == 7}], 0, NULL) = 6102
--- SIGCHLD (Child exited) @ 0 (0) ---
getuid() = 4097
geteuid() = 4097
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/7", 4095) = 10
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
lseek(3, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x2a95ba6890, [], SA_RESTORER, 0x2a95ade2f0}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\23\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0005N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0v\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\324\20\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\326\20\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\327\20\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\330\20\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\331\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\335\20\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\336\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\f\26\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\213\26\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\277\26\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\321\26\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\342\26\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\363\26\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\4\27\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\25\27\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/7", 4095) = 10
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
lseek(3, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x2a95ba6890, [], SA_RESTORER, 0x2a95ade2f0}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\23\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0005N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0v\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\324\20\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\326\20\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\327\20\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\330\20\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\331\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\335\20\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\336\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\f\26\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\213\26\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\277\26\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\321\26\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\342\26\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\363\26\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\4\27\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\25\27\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/7", 4095) = 10
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
lseek(3, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x2a95ba6890, [], SA_RESTORER, 0x2a95ade2f0}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\23\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0005N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0v\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\324\20\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\326\20\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\327\20\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\330\20\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\331\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\335\20\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\336\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\f\26\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\213\26\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\277\26\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\321\26\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\342\26\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\363\26\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\4\27\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\25\27\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/7", 4095) = 10
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
lseek(3, 0, SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x2a95ba6890, [], SA_RESTORER, 0x2a95ade2f0}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\23\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0005N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0v\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\324\20\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\326\20\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\327\20\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\330\20\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\331\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\335\20\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\5\0\0\0\336\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\f\26\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\213\26\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\277\26\0\0pts/2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\321\26\0\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\342\26\0\0pts/4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\363\26\0\0pts/5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\4\27\0\0pts/6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\25\27\0\0pts/7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
fcntl(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
open("/etc/localtime", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c3f000
read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 1267
close(3) = 0
munmap(0x2a98c3f000, 4096) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0
getpid() = 6101
socket(PF_FILE, SOCK_DGRAM, 0) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 16) = 0
sendto(3, "<37>Feb 14 10:35:14 su(pam_unix)"..., 134, MSG_NOSIGNAL, NULL, 0) = 134
close(3) = 0
select(0, NULL, NULL, NULL, {2, 347378}) = 0 (Timeout)
socket(PF_NETLINK, SOCK_RAW, 9) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
readlink("/proc/self/exe", "/bin/su", 4095) = 7
open("/usr/lib64/gconv/gconv-modules.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=21546, ...}) = 0
mmap(NULL, 21546, PROT_READ, MAP_SHARED, 4, 0) = 0x2a98c3f000
close(4) = 0
sendto(3, "\204\0\0\0L\4\5\0\1\0\0\0\0\0\0\0PAM authenticati"..., 132, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 132
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 100) = 1
recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0\325\27\0\0\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0"..., 8476, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(3, "$\0\0\0\2\0\0\0\1\0\0\0\325\27\0\0\377\377\377\377\204\0\0\0L\4\5\0\1\0\0\0"..., 8476, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
getuid() = 4097
close(3) = 0
munmap(0x2a995bb000, 1059376) = 0
munmap(0x2a996be000, 1150792) = 0
munmap(0x2a997fc000, 1145936) = 0
munmap(0x2a99914000, 1051728) = 0
munmap(0x2a99a15000, 1077120) = 0
munmap(0x2a99b41000, 1100320) = 0
munmap(0x2a99c4e000, 1067848) = 0
munmap(0x2a98d70000, 1052160) = 0
munmap(0x2a98fa6000, 1061960) = 0
munmap(0x2a990aa000, 1059240) = 0
munmap(0x2a991ad000, 1067240) = 0
munmap(0x2a992b2000, 1060104) = 0
munmap(0x2a98e96000, 1111648) = 0
munmap(0x2a993b5000, 1066088) = 0
munmap(0x2a994ba000, 1051392) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a98c45000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
read(3, "", 4096) = 0
close(3) = 0
munmap(0x2a98c45000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "su: ", 4) = 4
write(2, "incorrect password", 18) = 18
write(2, "\n", 1) = 1
exit_group(1) = ?
 
Old 02-14-2008, 01:01 PM   #10
mfb
LQ Newbie
 
Registered: Aug 2007
Posts: 20

Original Poster
Rep: Reputation: 0
Problem Solved: This was very painful had to execute each hardening script individually and reboot to see which script broke the su feature. It turned out that one of the scripts set the nosuid in the /etc/fstab file for the / partition. This was not good. Much thanks to Deleriux for support and the major job of looking over an strace output. what a guy.
 
Old 12-04-2008, 04:17 AM   #11
systron
LQ Newbie
 
Registered: Dec 2008
Posts: 1

Rep: Reputation: 1
su -

Most likely, su isn't setuid root, log in as root and type
# chmod u+s /bin/su
that should fix it. If you can't login as root, AFAIK you're screwed.
 
1 members found this post helpful.
  


Reply

Tags
su


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Canīt set DMA : HDIO_SET_DMA failed: Operation not permitted tiuz Linux - Hardware 13 03-17-2006 11:38 AM
Operation not permitted jakkals Linux - General 3 09-26-2005 07:30 PM
su - operation not permitted jrtayloriv Linux - Newbie 2 06-09-2005 09:27 PM
operation not permitted jamaso Slackware 2 05-08-2004 05:55 AM
Operation not permitted FrozenShadow23 Linux - Newbie 6 10-05-2003 05:13 PM


All times are GMT -5. The time now is 11:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration