LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 05-23-2007, 08:29 AM   #1
hcgrant
Member
 
Registered: Feb 2004
Location: UK Hertfordshire
Distribution: Opensuse 12.2 plus Macs and a Vista and two little RaspberryPi
Posts: 44

Rep: Reputation: 15
Unhappy "Permissions on the password database may be too restrictive"


Hi Folks
When i try to su to root in a console window I get the message

"Permissions on the password database may be too restrictive"

I've been messing around trying to correct ownership problems with chown and must have screwed something somewhere. I can ctrl-alt-F1 to a text console and login as root. However if I try to use any functions via the gui needing root privilages I get the message above or "su error"

Does anyone know which file the password database is in? I'm using Opensuse10.2 64 bit version

Thanks
 
Old 05-23-2007, 09:34 AM   #2
jewillia
LQ Newbie
 
Registered: May 2007
Distribution: Ubuntu Feisty Fawn, Fedora Core 6
Posts: 2

Rep: Reputation: 0
If you are using the standard password file and not LDAP or NIS or any other authentication, you will probably want to check the permissions on /etc/shadow and /etc/passwd. I think /etc/shadow should only be readable by root (400) and /etc/passwd should be readable/writable by root, readable by root group, and readable by everyone (644).
 
Old 05-23-2007, 10:18 AM   #3
mmn357157
LQ Newbie
 
Registered: May 2007
Location: Bangalore
Distribution: RHEL
Posts: 20

Rep: Reputation: 0
hi,
/etc/passwd (644)
/etc/shadow (400)

...are the default permissions. if you made any changes, please revert to the defaults. never allow shadow file readable to other users!

if you are using KDE desktop, do the following. its a fix to KDE on SuSE.

Quote:
You need to edit the file /opt/kde3/share/config/kdeglobals as a root user and add the following line at the end of the file and save it:

[super-user-command]
super-user-command=su
I found this at http://www.linuxquestions.org/questi...d.php?t=551508

________________________________
mmn
 
Old 05-24-2007, 06:11 AM   #4
hcgrant
Member
 
Registered: Feb 2004
Location: UK Hertfordshire
Distribution: Opensuse 12.2 plus Macs and a Vista and two little RaspberryPi
Posts: 44

Original Poster
Rep: Reputation: 15
Talking

Thanks Folks

Sorted!!!

I can now get YAST via the Gui

Last edited by hcgrant; 05-24-2007 at 06:13 AM.
 
Old 05-25-2007, 10:29 PM   #5
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 801

Rep: Reputation: 157Reputation: 157
I noticed that the permissions on my /etc/shadow file are 640, not 400.

Here is what I see:
Code:
-rw-r----- 1 root shadow 657 2006-12-02 22:42 shadow
-rw------- 1 root root   624 2006-12-02 22:42 shadow-
-rw------- 1 root root   607 2006-08-13 06:34 shadow.bak
-rw-r----- 1 root shadow 405 2003-06-16 19:50 shadow.new
Is this something I should be concerned about?
 
Old 05-26-2007, 03:27 AM   #6
hcgrant
Member
 
Registered: Feb 2004
Location: UK Hertfordshire
Distribution: Opensuse 12.2 plus Macs and a Vista and two little RaspberryPi
Posts: 44

Original Poster
Rep: Reputation: 15
I'm guessing here , its possibly a distribution thing but
400 means root only can read the shadow file (security) but cant accidentally write to it. So if root is adding a new user he has to explicitly change the file permissions to write to the file. If chmod is only usable by root when logged in locally then a hacker (assuming a remote access ) cant add to the file.
Any one know about restrictions to chmod use ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Displaying "MyComputer", "Trash", "Network Servers" Icons On A GNOME Desktop LXer Syndicated Linux News 0 04-02-2007 08:31 AM
"cp -p" fails with "cp: setting permissions for `/home/svbld/t': Invalid argument" mkhesin Red Hat 1 02-28-2007 12:57 AM
permissions on password database too restrictive Intermove Linux - Security 5 06-18-2006 11:00 AM
Snort database: Closing connection to database "" Homer Glemkin Linux - Security 2 07-14-2005 06:58 PM
Open gl programs quit, nvidia driver "permissions are too restrictive." sirbrett Slackware 4 10-26-2004 08:48 PM


All times are GMT -5. The time now is 11:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration