[SOLVED] Unix-chkpwd problem with Linux-PAM-1.1-1 trying to run su from shadow-4.1.4.2

hoes · 08-15-2010, 07:14 PM

I am trying to run su as a non privileged user to log in as root.
However, this only works when I make /etc/shadow world readable.
I have /lib/security/unix_chkpwd as a setuid root executable

I use the following pam-file for su:

Code:

# Begin /etc/pam.d/su

auth        sufficient      pam_rootok.so
auth        required        pam_unix.so
account     required        pam_unix.so
session     optional        pam_mail.so     dir=/var/mail standard
session     optional        pam_xauth.so
session     required        pam_env.so
session     required        pam_unix.so

# End /etc/pam.d/su

Has anyone got a clue to what's happening here?

hoes · 08-15-2010, 07:55 PM

I kept getting errors in auth.log like:

Code:

unix_chkpwd[7569]: check pass; user unknown
unix_chkpwd[7569]: password check failed for user (root)
su[7568]: pam_unix(su:auth): authentication failure;
logname=hugo uid=10056 euid=10056 tty=/dev/tty5 ruser=hugo rhost= user=root
su[7568]: pam_authenticate: Authentication failure
su[7568]: FAILED su for root by hugo
su[7568]: - /dev/tty5 hugo:root

I interpreted this as a failure of unix_chkpwd.
However, I had /bin/su as a regular executable.
Once I changed this to setuid root, everything worked.

So sorry, false alarm.

keypress · 04-06-2016, 06:44 AM

I have the same problem. What do you mean, that: "Once I changed this to setuid root, everything worked." What have you changed?

hoes · 04-06-2016, 01:39 PM

The /bin/su command should be run as root, even if it is called by a different user.
This can be done by having it owned by the root user and setting the setuid bit.
Have a look at: http://linuxg.net/how-to-set-the-set...inux-and-unix/

keypress · 04-07-2016, 03:25 AM

"chmod u+s /bin/su"

It works now. Thx a lot!