Hi,

I think you're right... You have undone the work of harden_suse.. ;-)

If you launch the diff:

#> diff -y permissions.paranoid permissions.secure | grep '/bin/su'

you can see that the su binary loses the SUID bit. Without that, you will not be able to switch to another user, 'cause you can't run the su with root rights. If you start su, it's running with the user rights of your account and you will not have access to the file /etc/login.defs.

--> ls -lan /etc/login.defs

tells me that only root has read and write access. All others will be denied.

So if you need the /bin/su, I think you have to change the /bin/su entry in the permissions.paranoid file to something like 4755.

I would suggest resetting the permissions to paranoid and changing the config file for this mode...

Christian

Richard Ibbotson wrote:
Hi
just an idea.... Try to use su like this: "su -"
Hmm.... no. Doesn't want to play.
It seems that after installing harden_suse the permissions have been set as paranoid. Not something that I selected. At least.... if I look in YaST2 under permissions settings it says "paranoid". I've reset this to "secure" with YaST2 - probably something that I shouldn't do - and now I can log in once again.
Very strange :)
Of course, the problem now is ... having reset the permissions with YaST2, have I undone the work of harden_suse? Can't work that one out :)
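
The profile comparison from Christian's reply, generalised from the single /bin/su entry to every entry that loses its setuid or setgid bit, as an added example that is not part of the original thread. The function names `special_bits_diff` and `demo` are hypothetical, the sample profile contents are constructed, and the `path owner:group mode` line layout is an assumption about the permissions files.

```shell
#!/bin/sh
# Added example: report which entries lose setuid/setgid when moving from a
# looser permissions profile to a stricter one.
# Assumed line layout: "path owner:group mode" (octal mode, e.g. 4755).

# special_bits_diff STRICT LOOSE
# Prints "path strict_mode loose_mode" for every path whose setuid (4000) or
# setgid (2000) bit is set in LOOSE but cleared in STRICT.
special_bits_diff() {
    awk '
        # Digit in front of the rwx triplets (4755 -> 4, 0755 -> 0, 755 -> 0).
        function special(m,   n) {
            n = length(m)
            return (n < 4) ? 0 : substr(m, n - 3, 1) + 0
        }
        # Skip comment lines and anything without path, owner and mode.
        $1 ~ /^#/ || NF < 3 { next }
        # First file (strict profile): remember the mode for each path.
        FNR == NR { strict[$1] = $3; next }
        # Second file (loose profile): special digit >= 2 means setuid/setgid.
        ($1 in strict) && special($3) >= 2 && special(strict[$1]) < 2 {
            print $1, strict[$1], $3
        }
    ' "$1" "$2"
}

# Run the comparison on two constructed sample profiles.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/permissions.paranoid" <<'EOF'
# constructed sample, not copied from a real system
/bin/su          root:root   0755
/bin/ping        root:root   0755
/etc/login.defs  root:root   0600
EOF
    cat > "$dir/permissions.secure" <<'EOF'
# constructed sample, not copied from a real system
/bin/su          root:root   4755
/bin/ping        root:root   4755
/etc/login.defs  root:root   0600
EOF
    special_bits_diff "$dir/permissions.paranoid" "$dir/permissions.secure"
    rm -rf "$dir"
}

demo
```

Each line of output is a binary that ordinary users can no longer run with elevated rights under the stricter profile, which is the list to review before deciding which entries to override.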