Cannot su, or su - to anything ~ including root

Cannot su, or su - to anything ~ including root

Post by Perry Whel » Fri, 28 Dec 2001 04:02:03



Running under Solaris 2.8 on a U450 utilizing NIS I can nolonger su or
su - to anything.  I'm not real sure where to begin w/ this, it just
kinda started ~ no changes to any system files or anyhting of the
sort.

command issued: su -

I get the password prompt, but then after that it just hangs...  I've
tried [su USERNAME], [su - USERNAME], [su USERNAME -c "/usr/bin/sh"]
all to no avail.

Thnks!
Perry Whelan

 
 
 

Cannot su, or su - to anything ~ including root

Post by Perry Whel » Sat, 29 Dec 2001 03:36:11


1) Can you log in to the console directly as root?   ---  This will
eliminate a modified passwd or shadow file...

Yes

2) Assuming that you can log in as root the problem becomes a bit more
Complicated.  I would then check /var/adm/messages and /var/adm/sulog.
 Either one of these files might provide you with information to solve
to problem...

Unfortunatly there are no messages regarding anything to do with this
problem in /var/adm/messages$.  However, something interesting is that
in /var/adm/sulog, there are no entries after approx. the time that
this issue began, possibly because no attempts are successful?

3) Can you read man pages? Wouldn't hurt for you to do a man on su.
You'll see the different files and processes involved when the su
program is invoked.  If you are having network problems which will
effect NIS and should show up in the messages file, you'll experience
hangs like what you described.  I kind of hope that you don't have the
root password kept under NIS.  You don't state but I hope that you are
using NIS+ and not NIS.  Years ago when I first used NIS and NIS+
keeping the root password under NIS(+) control was a major "no-no"
largely because if the service failed (which I saw NIS+ do quite
frequently in its' infancy) you were hosed big time...

Yes I can read man pages.  I am having no network problems, I am
running NIS, not NIS+, and root is NOT under NIS here.

I had a thought that maybee the permissions had been corrupted because
in reading other threads here I see disputes about what they "ought"
to be.  So I changed them on /bin/su and did a (pkgchk -p /usr/bin/su)
to see what the defaults "ought" to be.  It returned stating the
expected was 4555, i had it set (for testing purposes remember) to
775.  It was at this time that I noticed something interesting.  Well
remember that with the permissions set to 4555 (the default) I always
hang.  Only when set to 775 did I get any kind of output.  Look:

-r-sr-xr-x   1 root     sys        17564 Mar 16  2000 su*
Command issued: su root
password:
------Hangs here------

-r-sr-xr-x   1 root     sys        17564 Mar 16  2000 su*
Command issued: su $username
password:
------Hangs here-----

-rwxrwxr-x   1 root     sys        17564 Mar 16  2000 su*
Command issued: su root
password:
------sorry------

-rwxrwxr-x   1 root     sys        17564 Mar 16  2000 su*
Command issued: su $username
password:
------READ NOTE------
Note: If password is entered incorrectly it outputs "sorry".  If
password is entered correctly no error is given but no su takes place
(i.e. you stay in your original shell as though you issued no
command).

Thanks for any input!
Perry

 
 
 

Cannot su, or su - to anything ~ including root

Post by Rich Tee » Sat, 29 Dec 2001 04:50:26



Quote:> Note: If password is entered incorrectly it outputs "sorry".  If
> password is entered correctly no error is given but no su takes place
> (i.e. you stay in your original shell as though you issued no
> command).

Probably not what you want to hear, but you might have been
cracked.  Maybe someone has replaced you su with a version
that doesn't work?

Might be worth checking checksums, etc.  If they don't match,
the only safe thing you can do re-install the system from scratch,
and go back to your last known-to-be-goof backup...  :-(

--
Rich Teer                                           .  *   * . * .* .
                                                     .   *   .   .*
President,                                          * .  . /\ ( .  . *
Rite Online Inc.                                     . .  / .\   . * .
                                                    .*.  / *  \  . .
                                                      . /*   o \     .
Voice: +1 (250) 979-1638                            *   '''||'''   .
URL: http://www.rite-online.net                     ******************

 
 
 

Cannot su, or su - to anything ~ including root

Post by Perry Whel » Sat, 29 Dec 2001 07:16:20




> > Note: If password is entered incorrectly it outputs "sorry".  If
> > password is entered correctly no error is given but no su takes place
> > (i.e. you stay in your original shell as though you issued no
> > command).

> Probably not what you want to hear, but you might have been
> cracked.  Maybe someone has replaced you su with a version
> that doesn't work?

> Might be worth checking checksums, etc.  If they don't match,
> the only safe thing you can do re-install the system from scratch,
> and go back to your last known-to-be-goof backup...  :-(

> --
> Rich Teer                                           .  *   * . * .* .
>                                                      .   *   .   .*
> President,                                          * .  . /\ ( .  . *
> Rite Online Inc.                                     . .  / .\   . * .
>                                                     .*.  / *  \  . .
>                                                       . /*   o \     .
> Voice: +1 (250) 979-1638                            *   '''||'''   .
> URL: http://www.rite-online.net                     ******************

Good news everyone, I figured it out!  After too many hours of angst!
Turns out that su was not working because syslog.d wasn't running.
Apparently the cron daemon had crashed it, not sure why yet, but I
found that i was getting nothing from ps -e | grep syslog.  I got
worried so I restarted it from /etc/init.d/syslog.d restart, all is
good again!

Thanks for the brain storm!
Perry

 
 
 

1. differences between su root and su - root

Hey there.  I have a problem.  I have a user who needs to ftp off my
non-ftp server using a tunnel through the firewall.  If the user tries
to ftp, they get the following:

422 [people2]ediprod:/gentran/prod> ftp nnn.nnn.nnn.nnn
Connected to nnn.nnn.nnn.nnn.
220 ieftp5 IE-FTP server (v4r1m0.e) ready on system USA.

(It hangs up with no logon prompt)

If I do a su root, I get the same thing:

246 [people2]ediprod:/gentran/prod> ftp nnn.nnn.nnn.nnn
Connected to nnn.nnn.nnn.nnn.
220 ieftp5 IE-FTP server (v4r1m0.e) ready on system USA.

(It hangs up with no logon prompt)

But, if I use su - root, I get a successful connection:

people2:/)ftp nnn.nnn.nnn.nnn
Connected to nnn.nnn.nnn.nnn.
220 ieftp5 IE-FTP server (v4r1m0.e) ready on system USA.
Name (nnn.nnn.nnn.nnn:xxxxxxx):

I did a path and env on both the su and the - su and the only
difference that I can see is this line:

su - root : AUTHSTATE=files
su root   : AUTHSTATE=compat

However, even if I change the AUTHSTATE in the su root with the
command
 people2:/)export AUTHSTATE=files , it still does not work.

Can anyone tell me what I am missing here and help be resolve this
issue so my user will be a happy camper??

thanks in advance, and have a great new year.

clark 'the dragon' willis

2. `pwd` in Shell prompt

3. su root: You do not have permission to su root ?

4. migrating HDD from celeron system to athlon system

5. Solution: differences between su root and su - root

6. DPT SCSI Alpha driver problems....

7. su problem: su: cannot set groups: Operation not permitted

8. ftape/insmod unresolved symbols

9. su to a user then su to root in startup script

10. su problem -- su: Unknown id: root

11. GNU su (was Re: Preventing SU Root)

12. Could su but says BAD SU from normal user to root

13. konquerer su as root won't let me edit anything