Old 08-15-2010, 08:14 PM   #1
Registered: Sep 2005
Distribution: debian, linux from scratch
Posts: 122

Rep: Reputation: 27
Unix-chkpwd problem with Linux-PAM-1.1-1 trying to run su from shadow-

I am trying to run su as a non-privileged user to log in as root.
However, this only works when I make /etc/shadow world-readable.
I have /lib/security/unix_chkpwd as a setuid root executable.

I use the following pam-file for su:

# Begin /etc/pam.d/su

auth        sufficient
auth        required
account     required
session     optional     dir=/var/mail standard
session     optional
session     required
session     required

# End /etc/pam.d/su
Has anyone got a clue to what's happening here?

Last edited by hoes; 08-15-2010 at 08:16 PM.
Old 08-15-2010, 08:55 PM   #2
Registered: Sep 2005
Distribution: debian, linux from scratch
Posts: 122

Original Poster
Rep: Reputation: 27
I kept getting errors in auth.log like:
unix_chkpwd[7569]: check pass; user unknown
unix_chkpwd[7569]: password check failed for user (root)
su[7568]: pam_unix(su:auth): authentication failure;
logname=hugo uid=10056 euid=10056 tty=/dev/tty5 ruser=hugo rhost= user=root
su[7568]: pam_authenticate: Authentication failure
su[7568]: FAILED su for root by hugo
su[7568]: - /dev/tty5 hugo:root
I interpreted this as a failure of unix_chkpwd.
However, I had /bin/su as a regular executable.
Once I changed this to setuid root, everything worked.

So sorry, false alarm.
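
Added example, not part of either post above: a small POSIX shell audit of the file modes this thread turns on, checking that su and unix_chkpwd are setuid executables owned by root and that the shadow file is not world readable. The function names and the optional uid argument are hypothetical; the default paths are the ones named in the posts.

```shell
# Added example: audit the file modes involved in the thread's su failure.
# Default paths are the ones named in the posts; pass others as arguments.

# Print the numeric owner uid of a file.
owner_uid() { ls -ldn -- "$1" | awk '{print $3}'; }

# Succeed when $1 is an executable regular file with the setuid bit set
# and owned by uid $2 (default 0, i.e. root).
is_setuid_owned_by() {
    f=$1; want=${2:-0}
    [ -f "$f" ] && [ -x "$f" ] && [ -u "$f" ] && [ "$(owner_uid "$f")" = "$want" ]
}

# Succeed when "other" has read permission on $1.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -0004 2>/dev/null)" ]
}

# Report on su, unix_chkpwd and the shadow file; return 1 on any finding.
audit_su_setup() {
    su_bin=${1:-/bin/su}; helper=${2:-/lib/security/unix_chkpwd}
    shadow=${3:-/etc/shadow}; uid=${4:-0}; rc=0
    for bin in "$su_bin" "$helper"; do
        if is_setuid_owned_by "$bin" "$uid"; then
            echo "OK    $bin is setuid, owner uid $uid"
        else
            echo "FAIL  $bin is not a setuid executable owned by uid $uid"; rc=1
        fi
    done
    if [ ! -e "$shadow" ]; then
        echo "FAIL  $shadow does not exist"; rc=1
    elif is_world_readable "$shadow"; then
        echo "FAIL  $shadow is world readable"; rc=1
    else
        echo "OK    $shadow is not world readable"
    fi
    return "$rc"
}
```

Run `audit_su_setup` with no arguments to check the paths from the thread; a FAIL line for /bin/su matches the situation described in post #2.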


All times are GMT -5.