"authentication" doesn't work anymore
Hi guys!
Yesterday I shut down my system (Debian testing) and this very morning, just after the boot process had finished (with no error whatsoever), I ran into troubles (and I think that they're somehow "auth-related"): 1) X doesn't work anymore as a normal user (as root it still works) When launching 'startx' it says: Code:
X: unable to open wrapper config file /etc/X11/Xwrapper.config Code:
allowed_users=console Permissions are set to 600. By setting permissions to 644 I've managed to move a step forward. Now the error says: Code:
Fatal server error: Code:
Fatal server error: 2) su doesn't work anymore If I login as a root directly from the login console, there are no problems. If instead I try to su as another user, failures are experienced. auth.log as of yesterday: Code:
Oct 26 18:11:49 elisewin su[21566]: Successful su for root by fakk Code:
Oct 27 11:20:40 elisewin su[5126]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=1000 tty=pts/2 ruser=fakk rhost= user=root For instance, crontab editing: Code:
fakk@elisewin:~$ crontab -e Uninstalling and then reinstalling it seems to be a crazy task (apt suggests me that I'm about to do something potentially harmful). That said, what do you think of my situations? Any advice before I screw up the whole installation (more than I've already done :P)? Thank you in advance (and sorry for the lengthiness). -- fakk |
It really sounds like you've removed all your setuid bits from these programs. X is normally a suid program so it runs as root and gives the user permission to access that Xwrapper.config file. Same with su its a suid program so you can elevate permissions to switch to another user.
As root you'll need to chmod u+s /bin/su; chmod ug+s /usr/bin/X |
Hi estabroo!
First of all, thank you for your help and the time you've dedicated to me! Quote:
The really weird thing is this: Code:
elisewin:~# find / -perm /u+s Code:
elisewin:/home/fakk# su fakk Code:
elisewin:/home/fakk# login |
Did you turn on some feature like selinux or apparmor and its preventing you from escalating your privs?
|
Nope, nothing like that.
Apart from launching a dist-upgrade this morning, after I noticed all these things, there's nothing else (as far as I remember). |
Anything showing up in the log files or in dmesg?
|
Check the ownership of those files and make sure root still owns them.
|
Log files seem normal:
- auth.log records that normal users keep on failing when trying to become superusers; - debug/dmesg/messages/syslog/kern.log are all clean; - Xorg.log only reports the root sessions errors (as normal users can't move nor write it). As for the owner of the files with their setuid bit set, it seems to be root: Code:
elisewin:/var/log# find / -perm /u+s -exec stat -c %U\ %n {} \; Code:
Oct 27 14:00:01 elisewin /USR/SBIN/CRON[6490]: (fakk) CMD (/usr/local/bin/updatecasts) Frankly, I've never ever seen something like this :scratch: |
Well maybe not possessed but certainly different. How about mount options, is your /, /usr, /sbin being mounted with nosuid option
try mount with no options and it should give you the mount information for everything mounted. |
As a matter of fact, they are!
Code:
elisewin:~# mount Code:
nosuid Do not allow set-user-identifier or set-group-identifier bits to take Code:
elisewin:/# mount -o remount,rw,suid / Thank you, man! You've definitely made my day! For the sake of completeness, here's my current '/etc/fstab': Code:
# <file system> <mount point> <type> <options> <dump> <pass> Besides, as it strikes, even my /mnt/other has the nosuid option set, although in the /etc/fstab was specified the string "defaults,user,rw" (which should result into "rw,suid,dev,exec,auto,user,async"). Thank you again for sticking with me all this time. Without your help I wouldn't even have imagined what could have possibly been the cause! :D |
:) Glad it turned out to be something "normal" and not a possession.
|
All times are GMT -5. The time now is 05:21 PM. |