I haven't worked out why the login error occurs, but it is annoying. However, you can easily fix the su problem by editing the /etc/permissions.paranoid file and changing the value of /bin/su from 0755 to 4755 as shown below (this may have security implications for others!!): # suid system programs that need the suid bit to work: # /bin/su root:root 4755 Run "SuSEconfig" to update the file or change permissions manally. This at least will allow users to su to root. This was critical on a couple of boxes I had that were headless and keyboard-less, and root logins had been disabled! Bear in mind, any updates may change the value back. Cheers Ian -----Original Message----- From: White, Joseph [mailto:jwhite@sandia.gov] Sent: Thursday, April 21, 2005 8:28 AM To: suse-security@suse.com Subject: [suse-security] Paranoid File Permissions Hi All, Using Suse 9.2 /KDE w/GDM Has anyone noticed if you go into Yast and select security, then custom, and change file permissions from "Easy" to "Paranoid", once you do that you will not be able to unlock your screen saver or su to root. Also, if your logged in as a regular user and you launch Yast it will ask for you root password, probably just anther su function, but that won't work any longer as well. You have to log out and log back in as root to run Yast to undo the setting. It is probably messing with 'pam' in some strange way, but don't know exactly. Thanks, Joe -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here