su problem after upgrade
Not sure this is a Tumbleweed issue but the other day I realized that su/kde-su doesn't work anymore:
su Password: su: Authentication service cannot retrieve authentication info
/var/log/messages: 2021-12-11T09:52:58.007673+01:00 localhost unix_chkpwd[10249]: check pass; user unknown 2021-12-11T09:52:58.007775+01:00 localhost unix_chkpwd[10249]: password check failed for user (root) 2021-12-11T09:52:58.007907+01:00 localhost su: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=1000 tty=/dev/pts/2 ruser=johndoe rhost= user=root 2021-12-11T09:53:00.664084+01:00 localhost su: FAILED SU (to root) johndoe on pts/2 (login with root did work) Thanks to the fantastic snapper possibilities it turns out that this started to happen right after upgrading from snapshot 20211102 to 20211126 and wasn't solved by upgrading to newer snapshots. Long story short: the file permissions of su changed during that upgrade (util-linux package?): Old: -rwsr-xr-x New: -rwxr-xr-x So I solved it by setting the setuid bit again: sudo chmod u+s /usr/bin/su But is this the correct solution or could the root cause be something else? -Miko
On 11.12.2021 14:49, Miko wrote:
Not sure this is a Tumbleweed issue but the other day I realized that su/kde-su doesn't work anymore:
su Password: su: Authentication service cannot retrieve authentication info
/var/log/messages: 2021-12-11T09:52:58.007673+01:00 localhost unix_chkpwd[10249]: check pass; user unknown 2021-12-11T09:52:58.007775+01:00 localhost unix_chkpwd[10249]: password check failed for user (root) 2021-12-11T09:52:58.007907+01:00 localhost su: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=1000 tty=/dev/pts/2 ruser=johndoe rhost= user=root 2021-12-11T09:53:00.664084+01:00 localhost su: FAILED SU (to root) johndoe on pts/2
(login with root did work)
Thanks to the fantastic snapper possibilities it turns out that this started to happen right after upgrading from snapshot 20211102 to 20211126 and wasn't solved by upgrading to newer snapshots.
Long story short: the file permissions of su changed during that upgrade (util-linux package?):
Old: -rwsr-xr-x New: -rwxr-xr-x
So I solved it by setting the setuid bit again:
sudo chmod u+s /usr/bin/su
But is this the correct solution or could the root cause be something else?
/usr/bin/su permissions should be set according to current security level in /etc/sysconfig/security. You may want to check it, and files under /usr/share/permissions and /etc/permissions.*.
Am 11.12.2021 13:40, schrieb Andrei Borzenkov:
/usr/bin/su permissions should be set according to current security level in /etc/sysconfig/security. You may want to check it, and files under /usr/share/permissions and /etc/permissions.*.
Thank you! With that information I found the root cause: a faulty cp was done a few weeks ago which accidentally changed the owner of /usr/bin. That led to, among other things I guess, chkstat denying to change the file permissions in /usr/bin accordingly when being run. Therefore su didn't receive the setuid bit after upgrading to the mentioned snapshot which included an update of the util-linux package. -Miko
participants (2)
-
Andrei Borzenkov -
Miko