LinuxQuestions.org
08-15-2010, 07:14 PM   #1
hoes
Member
 
Registered: Sep 2005
Distribution: debian, linux from scratch
Posts: 92

Rep: Reputation: 20
Unix-chkpwd problem with Linux-PAM-1.1-1 trying to run su from shadow-4.1.4.2


I am trying to run su as a non-privileged user to log in as root.
However, this only works when I make /etc/shadow world readable.
I have /lib/security/unix_chkpwd as a setuid root executable.

I use the following pam-file for su:

Code:
# Begin /etc/pam.d/su

auth        sufficient      pam_rootok.so
auth        required        pam_unix.so
account     required        pam_unix.so
session     optional        pam_mail.so     dir=/var/mail standard
session     optional        pam_xauth.so
session     required        pam_env.so
session     required        pam_unix.so

# End /etc/pam.d/su
Has anyone got a clue to what's happening here?

Last edited by hoes; 08-15-2010 at 07:16 PM.
 
08-15-2010, 07:55 PM   #2
hoes
Original Poster
I kept getting errors in auth.log like:
Code:
unix_chkpwd[7569]: check pass; user unknown
unix_chkpwd[7569]: password check failed for user (root)
su[7568]: pam_unix(su:auth): authentication failure; logname=hugo uid=10056 euid=10056 tty=/dev/tty5 ruser=hugo rhost= user=root
su[7568]: pam_authenticate: Authentication failure
su[7568]: FAILED su for root by hugo
su[7568]: - /dev/tty5 hugo:root
I interpreted this as a failure of unix_chkpwd.
However, I had /bin/su as a regular executable.
Once I changed this to setuid root, everything worked.

So sorry, false alarm.
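
Added example, not part of the original posts: the pam_unix failure line above records euid=10056, the same value as uid, which is how a su binary running without the setuid bit shows up in auth.log. The Python sketch below flags such lines; the function names are hypothetical, and the sample log is constructed from the lines posted in this thread plus one made-up contrast line with euid=0.

```python
import re

# Constructed sample. Lines 1-2 mirror the failure posted in the thread;
# line 3 is a made-up wrong-password failure from a correctly setuid su.
SAMPLE_LOG = """\
unix_chkpwd[7569]: password check failed for user (root)
su[7568]: pam_unix(su:auth): authentication failure; logname=hugo uid=10056 euid=10056 tty=/dev/tty5 ruser=hugo rhost= user=root
su[8120]: pam_unix(su:auth): authentication failure; logname=hugo uid=10056 euid=0 tty=/dev/tty5 ruser=hugo rhost= user=root
"""

# Not anchored at line start, so a syslog timestamp/host prefix is tolerated.
FAILURE = re.compile(
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"pam_unix\((?P<service>[\w.-]+):auth\): "
    r"authentication failure; (?P<fields>.*)$"
)


def parse_failure(line):
    """Parse one pam_unix auth-failure line into a dict, or return None."""
    m = FAILURE.search(line)
    if m is None:
        return None
    rec = {"prog": m["prog"], "pid": m["pid"], "service": m["service"]}
    # Fields are space-separated key=value pairs; a value may be empty (rhost=).
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    return rec


def unprivileged_su_failures(log_text):
    """Return su auth failures where su itself ran with a non-root euid."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_failure(line)
        if rec is None or rec["service"] != "su":
            continue
        euid = rec.get("euid", "")
        if euid.isdigit() and int(euid) != 0:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in unprivileged_su_failures(SAMPLE_LOG):
        print(f"su pid {hit['pid']}: euid={hit['euid']}, check the setuid bit on su")
```

A hit means the permissions on the su binary are the thing to inspect, rather than /etc/shadow or unix_chkpwd.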