[SOLVED] su strange behavior [slackware64]

duro · 12-10-2010, 02:03 PM

Hi.

Just a while ago I was playing with vsftpd (adding groups, users etc.) and suddenly I couldn't su - from normal user. This seems very awkward because I haven't touched anything linked to this command. I can normally login to root account and to my user account, but when i try to su - from user (or root) I only see blank screen and there is no reaction at all. Normally the password field appears and after typing it everything works but... well the password field doesn't appear. It looks like infinite loop.

Code:

su -
(nothing happens, empty line -> you can type anything here)

I've checked everything and it seems it should work as it did 30 minutes ago.

Code:

bash-4.1# ls -l `which su`
-rws--x--x 1 root root 66179 2010-02-28 21:19 /bin/su

Code:

bash-4.1# cat /etc/login.defs | grep WHEEL
SU_WHEEL_ONLY   no

Any ideas?

EDIT: I've replaced the su file in /bin with a new one from package and this issue still is present. So probably I've messed something up in configs.

EDIT#2:
Operations I've made today.

Code:

Dec 10 19:04:14 linux su[6612]: Successful su for root by user
Dec 10 19:04:14 linux su[6612]: + /dev/pts/0 user:root
Dec 10 19:20:30 linux groupadd[6970]: group added to /etc/group: name=ftp-users, GID=1000
Dec 10 19:20:30 linux groupadd[6970]: group added to /etc/gshadow: name=ftp-users
Dec 10 19:20:30 linux groupadd[6970]: new group: name=ftp-users, GID=1000
Dec 10 19:22:37 linux useradd[6982]: new user: name=ftp, UID=1001, GID=1000, home=/mnt/hd/ftp/, shell=/bin/bash
Dec 10 19:24:29 linux passwd[6987]: password for 'ftp' changed by 'root'
Dec 10 20:00:32 linux usermod[7226]: change user 'ftp' shell from '/bin/bash' to '/sbin/nologin'
Dec 10 20:11:57 linux login[1505]: invalid password for 'root'  on '/dev/tty1'
Dec 10 20:12:04 linux login[1505]: ROOT LOGIN  on '/dev/tty1'
Dec 10 20:12:52 linux userdel[1525]: delete user 'ftp' 
Dec 10 20:13:07 linux groupdel[1532]: group 'ftp-users' removed from /etc/group
Dec 10 20:13:07 linux groupdel[1532]: group 'ftp-users' removed from /etc/gshadow
Dec 10 20:13:07 linux groupdel[1532]: group 'ftp-users' removed

19.00-19.25 everything works fine.
About ~20 the problem appears.

Code:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND           
 1946 root      20   0 14712  856  688 R  100  0.0   0:06.11 su

tronayne · 12-11-2010, 07:51 AM

The behavior of su - is just a little different than simply su; with the dash, you get root's profile (which is really what you want).

Edit /etc/login.defs and comment-out

Code:

#
# If defined, the command name to display when running "su -".  For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su".  If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
#SU_NAME                su

That's not too obvious, but that'll probably help. Too,

Code:

SU_WHEEL_ONLY   no

should remain that way.

Hope this helps some.

duro · 12-11-2010, 03:29 PM

Well, I've had the SU_NAME uncommented so it's not this.
The main issue is that when I try to su (or su -) the commands uses 100% of CPU (like in infinite loop while(True) ; ) and the question for password doesn't appear (no wonder...). This is as confusing as it could be and I don't know (yet) what can be the problem...

rob.rice · 12-11-2010, 05:56 PM

Quote:

Originally Posted by duro

Well, I've had the SU_NAME uncommented so it's not this.
The main issue is that when I try to su (or su -) the commands uses 100% of CPU (like in infinite loop while(True) ; ) and the question for password doesn't appear (no wonder...). This is as confusing as it could be and I don't know (yet) what can be the problem...

read the comment from the config file

the command "SU_NAME su" will cause su to run su instead of a shell
so su is entered into a command line su runs it finds that su is it's command interpreter
so it loads su witch loads su witch loads su witch loads su witch loads su

duro · 12-12-2010, 03:02 AM

Tried that also and the result doesn't change - still can't su or su- and cpu load is showing 100%.

catkin · 12-12-2010, 06:14 AM

Have you tried using strace in case it shows what su is looping on?

Bertical · 12-12-2010, 09:28 AM

This looks a bit odd :

Code:

Dec 10 19:20:30 linux groupadd[6970]: new group: name=ftp-users, GID=1000
Dec 10 19:22:37 linux useradd[6982]: new user: name=ftp, UID=1001, GID=1000, home=/mnt/hd/ftp/, shell=/bin/bash

as groupadd on my 32 bit Slack-13.1 box gives the first user added a matching UID and GID of 1000 :

Code:

[ewok@wicket:~] $ id
uid=1000(ewok) gid=1000(ewok) groups=1000(ewok),11(floppy),16(dialout),17(audio),18(video),19(cdrom),20(games),83(plugdev),84(power),86(netdev),93(scanner)
[ewok@wicket:~] $

It looks like the ftp-users GID has overwritten the first users GID. The defaults are in /etc/login.defs I think and start at 1000 for GID and UID.

tronayne · 12-12-2010, 09:30 AM

This may be completely off the wall, but some of the log entries in your initial post look a little strange and I got to wondering...

If you log in on the console as root (don't startx or anything), you should be able to

Code:

pita-root-/root: su - your_account

and become "you" as if you logged in as "you;" i.e., your profile is executed and all is normal -- that's if SU_NAME su is commented-out in /etc/login.defs. Logged in as root, you will not be prompted for a password to become another user, but, logged-in as an "ordinary" user and executing su - you will be prompted for the root password (that does happen, right?).

Just in case, you should see something pretty much like this if you

Code:

pita-root-/root: groups
root bin daemon sys adm disk wheel floppy audio video cdrom tape plugdev power usbfs netdev scanner

and as "you"

Code:

pita-trona-/home/trona: groups
users lp floppy audio video cdrom plugdev power usbfs netdev scanner vboxusers cvs

(you probably won't have scanner, vboxusers and cvs.)

Logged in a "you," executing su - and hitting the carriage return (or typing an invalid root password) for the password prompt should result in

Code:

pita-trona-/home/trona: su -
Password: 
su: Authentication failure

If you're logged in as root, you will not be prompted for a password for any other user.

Here's what /var/log/secure looks like from bouncing around for this post:

Code:

pita-root-/root: cat /var/log/secure
Dec 12 09:35:26 pita su[14381]: Successful su for root by trona
Dec 12 09:35:26 pita su[14381]: + /dev/pts/1 trona:root
Dec 12 09:43:30 pita su[14705]: Successful su for root by trona
Dec 12 09:43:30 pita su[14705]: + /dev/pts/1 trona:root
Dec 12 09:46:09 pita su[14803]: Authentication failed for root               carriage return at password prompt
Dec 12 09:46:09 pita su[14803]: FAILED su for root by trona
Dec 12 09:46:09 pita su[14803]: - /dev/pts/1 trona:root
Dec 12 09:47:21 pita su[14868]: Authentication failed for root               invalid root password
Dec 12 09:47:21 pita su[14868]: FAILED su for root by trona
Dec 12 09:47:21 pita su[14868]: - /dev/pts/1 trona:root
Dec 12 09:47:29 pita su[14872]: Successful su for root by trona
Dec 12 09:47:29 pita su[14872]: + /dev/pts/1 trona:root

Note, too, that the responses are instantaneously returned for both successful and failed su - attempts.

The only additional things I can think of that may -- may -- cause problems is that you've edited your /etc/login.defs file and something is screwy in there or that for whatever reason you cannot log in as root (which kinda seems way far out there and probably not ever relevant but there you are).

And, /bin/shy is the same size and mask as yours:

Code:

pita-root-/root: ls -al /bin/su
-rws--x--x 1 root root 66179 2010-02-28 15:19 /bin/su*

Realizing that this is a long listing, here's my Slackware-64 13.1 /etc/login.defs, which is "known-good."

Code:

pita-trona-/home/trona: cat /etc/login.defs 
#
# /etc/login.defs - Configuration control definitions for the shadow package.
#
#       $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
#

#
# Delay in seconds before being allowed another attempt after a login failure
#
FAIL_DELAY              3

#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB            yes

#
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB        no

#
# Enable logging of successful logins
#
LOG_OK_LOGINS           no

#
# Enable logging and display of /var/log/lastlog login time info.
#
LASTLOG_ENAB            yes

#
# Enable checking and display of mailbox status upon login.
#
# Disable if the shell startup files already check for mail
# ("mailx -e" or equivalent).
#
MAIL_CHECK_ENAB         yes

#
# Enable additional checks upon password changes.
#
OBSCURE_CHECKS_ENAB     yes

#
# Enable checking of time restrictions specified in /etc/porttime.
#
PORTTIME_CHECKS_ENAB    yes

#
# Enable setting of ulimit, umask, and niceness from passwd gecos field.
#
QUOTAS_ENAB             yes

#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB          yes
SYSLOG_SG_ENAB          yes

#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names.  Root logins will be allowed only
# upon these devices.
#
CONSOLE         /etc/securetty
#CONSOLE        console:tty01:tty02:tty03:tty04

#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE     /var/log/sulog

#
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
MOTD_FILE       /etc/motd
#MOTD_FILE      /etc/motd:/usr/lib/news/news-motd

#
# If defined, this file will be output before each login prompt.
#
#ISSUE_FILE     /etc/issue

#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100  tty01".
#
#TTYTYPE_FILE   /etc/ttytype

#
# If defined, login failures will be logged here in a utmp format.
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE       /var/log/btmp

#
# If defined, name of file whose presence which will inhibit non-root
# logins.  The contents of this file should be a message indicating
# why logins are inhibited.
#
NOLOGINS_FILE   /etc/nologin

#
# If defined, the command name to display when running "su -".  For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su".  If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
#SU_NAME                su

#
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#
MAIL_DIR        /var/spool/mail
#MAIL_FILE      .mail

#
# If defined, file which inhibits all the usual chatter during the login
# sequence.  If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file.  If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE  .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins

#
# If defined, either a TZ environment parameter spec or the
# fully-rooted pathname of a file containing such a spec.
#
#ENV_TZ         TZ=CST6CDT
#ENV_TZ         /etc/tzname

#
# If defined, an HZ environment parameter spec.
#
# for Linux/x86
ENV_HZ          HZ=100
# For Linux/Alpha...
#ENV_HZ         HZ=1024

#
# *REQUIRED*  The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH     PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
ENV_PATH       PATH=/usr/local/bin:/bin:/usr/bin

#
# Terminal permissions
#
#       TTYGROUP        Login tty will be assigned this group ownership.
#       TTYPERM         Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
TTYGROUP        tty
TTYPERM         0620

#
# Login configuration initializations:
#
#       ERASECHAR       Terminal ERASE character ('\010' = backspace).
#       KILLCHAR        Terminal KILL character ('\025' = CTRL/U).
#       ULIMIT          Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
# The ULIMIT is used only if the system supports it.
# (now it works with setrlimit too; ulimit is in 512-byte units)
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR       0177
KILLCHAR        025
#ULIMIT         2097152

# Default initial "umask" value.
# UMASK is also used by useradd and newusers to set the mode of new home
# directories.
# 022 is the default value, but 027, or even 077, could be considered
# better for privacy. There is no One True Answer here: each sysadmin
# must make up her mind.
UMASK           022

#
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_MIN_LEN    Minimum acceptable password length.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts.  If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
SU_WHEEL_ONLY   no

#
# If compiled with cracklib support, where are the dictionaries
#
#CRACKLIB_DICTPATH      /var/cache/cracklib/cracklib_dict

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               101
SYS_UID_MAX               999

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               101
SYS_GID_MAX               999

#
# Max number of login retries if password is bad
#
LOGIN_RETRIES           5

#
# Max time in seconds for login
#
LOGIN_TIMEOUT           60

#
# Maximum number of attempts to change password if rejected (too easy)
#
PASS_CHANGE_TRIES       5

#
# Warn about weak passwords (but still allow them) if you are root.
#
PASS_ALWAYS_WARN        yes

#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if MD5_CRYPT_ENAB set to "yes".
#
#PASS_MAX_LEN           8

#
# Require password before chfn/chsh can make any changes.
#
CHFN_AUTH               yes

#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone).  If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
# 
CHFN_RESTRICT           frwh

#
# Password prompt (%s will be replaced by user name).
#
# XXX - it doesn't work correctly yet, for now leave it commented out
# to use the default which is just "Password: ".
#LOGIN_STRING           "%s's Password: "

#
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm.  Default is "no".
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no

#
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
ENCRYPT_METHOD MD5

#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000

#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting).  Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
# Most of these groups are self-explanatory.
#
# Note that users are added to these default groups only when
# logging into a shell with /bin/login, not when using a login
# manager such as kdm.  In that case, users who should have
# hardware access must be added to the appropriate groups
# when the user is added with adduser or useradd, or by editing
# /etc/group directly, preferably using "vigr"
#
CONSOLE_GROUPS         floppy:audio:cdrom:video:scanner

#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME    yes

#
# If this file exists and is readable, login environment will be
# read from it.  Every line should be in the form name=value.
#
ENVIRON_FILE    /etc/environment

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# Enable setting of the umask group bits to be the same as owner bits
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# This also enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes

#
# If set to a non-nul number, the shadow utilities will make sure that
# groups never have more than this number of users on one line.
# This permit to support split groups (groups split into multiple lines,
# with the same group ID, to avoid limitation of the line length in the
# group file).
#
# 0 is the default value and disables this feature.
#
#MAX_MEMBERS_PER_GROUP  0

#
# If useradd should create home directories for users by default (non
# system users only)
# This option is overridden with the -M or -m flags on the useradd command
# line.
#
#CREATE_HOME     yes

Hope this helps some.

tronayne · 12-12-2010, 09:41 AM

Oops, forgot in the above...

It appears that you've added a user ftp? There already is an ftp user

Code:

ftp:x:14:50::/home/ftp:/bin/false

Your /etc/passwd file should look like this (root and all users on my systems use Korn Shell instead of BASH, so ignore that):

Code:

pita-trona-/home/trona: cat /etc/passwd
root:x:0:0::/root:/bin/ksh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/log:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
rpc:x:32:32:RPC portmap user:/:/bin/false
sshd:x:33:33:sshd:/:/bin/false
gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
oprofile:x:51:51:oprofile:/:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/false
messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
pop:x:90:90:POP:/:/bin/false
nobody:x:99:99:nobody:/:/bin/false
trona:x:1000:100:Thomas Ronayne,,,:/home/trona:/bin/ksh
dronayne:x:1001:100:Diane Ronayne,,,:/home/dronayne:/bin/ksh
postgres:x:209:209::/var/lib/pgsql:

Note that users start are 1000 and increment from there.

And your /etc/group file should look like this:

Code:

pita-trona-/home/trona: cat /etc/group
root:x:0:root
bin:x:1:root,bin
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp,trona,dronayne
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root,trona,dronayne
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
dialout:x:16:uucp
audio:x:17:root,trona,dronayne
video:x:18:root,trona,dronayne
cdrom:x:19:root,trona,dronayne
games:x:20:
slocate:x:21:
utmp:x:22:
smmsp:x:25:smmsp
tape:x:26:root
mysql:x:27:
rpc:x:32:
sshd:x:33:sshd
gdm:x:42:
shadow:x:43:
ftp:x:50:
oprofile:x:51:
apache:x:80:
messagebus:x:81:
haldaemon:x:82:
plugdev:x:83:root,trona,dronayne
power:x:84:root,trona,dronayne
usbfs:x:85:root,trona,dronayne,vboxusers
netdev:x:86:root,trona,dronayne
pop:x:90:pop
scanner:x:93:root,trona,dronayne
nobody:x:98:nobody
nogroup:x:99:
users:x:100:
console:x:101:
vboxusers:x:102:trona,dronayne
cvs:x:103:trona,dronayne
postgres:x:209:

You probably won't have vboxusers, cvs, and postgres unless you've added those.

Hope this helps some.

duro · 12-12-2010, 04:23 PM

Quote:

Originally Posted by catkin

Have you tried using strace in case it shows what su is looping on?

Thanks for pointing that out for me - I've completly forgot about strace. And thanks to it I've managed to solve the problem. The /etc/shells was at fault. As you can see the file is never closed so the procedure can't continue and in result su "hangs up".

Code:

open("/etc/shells", O_RDONLY)           = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc90a5f8000
read(3, "/bin/bash"..., 4096)           = 9
read(3, ""..., 4096)                    = 0

The solution was as simple as it could be - just remove /etc/shells file.

@tronayne thanks for complex answers. They didn't quite solve the case but I've learned a couple of new things so nonetheless they were helpful.

Thx to all others who tried to help, I really appreciate it.

catkin · 12-12-2010, 09:27 PM

Glad you solved it but what was wrong with /etc/shells? On a default Slackware64 13.1 it looks like:

Code:

/bin/bash
/bin/tcsh
/bin/csh
/bin/ash
/bin/ksh
/bin/zsh

duro · 12-13-2010, 01:50 AM

Quote:

Originally Posted by catkin

Glad you solved it but what was wrong with /etc/shells?

Yeah, I've checked the permissions and content on two machines and you wouldn't believe how small thing was the issue.
Well, as I mentioned before I was playing with vsftpd and config files (I think /etc/shells was one of them) and I forgot to put an newline before EOF. How trivial is that?

File after vsftpd play:

Code:

/bin/bashEOF

Note that EOF means here end of file and is automatically there when you save your file.

Corrected file which works well with su:

Code:

/bin/bash\n
# Here optionally other shells
EOF

\n is a newline (line feed) and isn't displayed either (unless you configured your program to display that kind of characters).

catkin · 12-13-2010, 02:33 AM

Thanks for the update

Like you wrote, it is surprising that su behaves so badly when presented with such a small and probable deviation from the expected format of /etc/shells. You could report it as a defect. GNU ask users to first contact their distro distributors (this page) so a first step would be to ask in the Slackware forum because AFAIK Slackware does not have a public bug reporting system.