su doesn't work after yast2 security change
Hi,

I am noticing that the su command fails after using yast2 (curses based version) to configure security. It appears that the file permissions -> paranoid selection breaks su. One problem that I easily found is that it changes the permissions for /etc/login.defs to 600, which appears to prevent anybody but root from logging in. But even after fixing those perms to 644 I can't use su anymore. I can't even su to another regular user. /etc/pam.d/su doesn't appear to be the problem.

Any hints?

Thanks,
Ferdinand

--
Ferdinand Schmid
Architectural Energy Corporation
Celebrating 20 Years of Improving Building Energy Performance
http://www.archenergy.com
Make sure that /bin/su has the suid bit set, i.e. 4750.

-----Original Message-----
From: Ferdinand Schmid [mailto:fschmid@archenergy.com]
Sent: Thursday, August 08, 2002 3:38 PM
To: suse-security@suse.com
Subject: [suse-security] su doesn't work after yast2 security change

--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
The paranoid selection will make su available only to root. You have to change /etc/permissions.paranoid so that /bin/su will be something other than 600.
HggdH wrote:
> the paranoid selection will make su available only to root. You have to change /etc/permissions.paranoid so that /bin/su will be something other than 600.

<snip>

Thanks for the incredibly fast and competent answers. Editing /etc/permissions.paranoid to add the suid bit worked. The first answer to my question also addressed this issue.

Thanks,
Ferdinand
Ferdinand,

You are creating maintenance headaches for yourself if you edit permissions.paranoid because it will revert next time you do an upgrade. The clean solution is to edit /etc/permissions.local as these permissions are applied after the paranoid ones.

Also read the comments at the start of /etc/permissions.paranoid.

Bob

==============================================================
Bob Vickers R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
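Added example, not part of the original thread or of SuSE's own tooling: a sketch of the layering Bob describes, where an entry in a file applied later overrides the same path in an earlier file. The line format (path, owner.group, octal mode), the sample entries and the `trusted` group are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Assumed line format: "<path> <owner>.<group> <octal mode>",
# with '#' starting a comment. Sample entries below are constructed.

# Print "<owner.group> <mode> <deciding file>" for a path. Files are passed
# in the order they are applied, so the last matching line wins.
effective_entry() {
    target=$1; shift
    awk -v t="$target" '
        /^[ \t]*(#|$)/     { next }    # skip comments and blank lines
        $1 == t && NF >= 3 { owner = $2; mode = $3; src = FILENAME }
        END { if (src != "") print owner, mode, src }
    ' "$@"
}

# True when the octal mode string has the setuid bit (04000) set.
has_setuid() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# One-line verdict: is the effective entry setuid, and which file decided it?
su_verdict() {
    entry=$(effective_entry "$@")
    [ -n "$entry" ] || { echo "no entry"; return 0; }
    set -- $entry    # $1 = owner.group, $2 = mode, $3 = deciding file
    if has_setuid "$2"; then
        echo "setuid $2 $1 (from $3)"
    else
        echo "no-setuid $2 $1 (from $3)"
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-ins for the two files named in the thread.
    printf '%s\n' '# constructed sample' \
        '/bin/su  root.root  0755' > "$d/permissions.paranoid"
    printf '%s\n' '/bin/su  root.trusted  4750' > "$d/permissions.local"
    echo "paranoid only:    $(su_verdict /bin/su "$d/permissions.paranoid")"
    echo "paranoid + local: $(su_verdict /bin/su \
        "$d/permissions.paranoid" "$d/permissions.local")"
    rm -rf "$d"
}
demo
```

Pointing `su_verdict` at the real files, in the order the system applies them, shows which file decides the mode of /bin/su before anything is edited.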
Thanks for the info. Christopher at SuSE also pointed this out to me and I corrected my mistake.

Ferdinand
Participants (4)
- Bob Vickers
- Ferdinand Schmid
- HggdH
- Jeff Stewart