Thursday, October 16, 2008

Linux: su not working? SUID

Problem

On sh-demo, su is not working. It displays "incorrect password" even when the password is correct.


[jianli2@sh-demo ~]$ id
uid=500(jianli2) gid=500(jianli2) groups=500(jianli2)
[jianli2@sh-demo ~]$ su root
Password:
su: incorrect password
[jianli2@sh-demo ~]$

Solution
/bin/su should be a SUID file, but someone changed its permissions. As root, change them back:

chmod 4755 /bin/su

SUID (set user id) and SGID (set group id): when one of these is set on a file, any person or process that runs the file has access to system resources as though they were the owner (SUID) or group (SGID) of the file.

SUID: chmod 4000 filename

SGID: chmod 2000 filename

Setting these bits is a very dangerous action, and Linux by default already disables SUID and SGID on script files.


Detailed Step
(1) Check whether the /bin/su file permission has been changed

$ ls -lt /bin/su
-rwxr-xr-x 1 ecarter root 27052 2007-04-02 23:33 /bin/su


(2) As root, change the permission of the file back

chmod 4755 /bin/su

$ ls -lt /bin/su

-rwsr-xr-x 1 root root 27052 2007-04-02 23:33 /bin/su
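
The listing in step (1) shows two differences from the one in step (2): the "s" bit is missing and the owner is ecarter instead of root. Because a SUID program runs as the file's owner, both matter for su. The following check is an added example, not part of the original post; the function name check_suid and its verdict strings are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a setuid-root helper.
# check_suid FILE [OWNER] prints "ok" or a list of findings; returns 0 only for "ok".
check_suid() {
    file=$1
    want_owner=${2:-root}   # su has to run as root, so root is the default
    findings=""

    if [ ! -f "$file" ]; then
        echo "missing"
        return 2
    fi

    # ls -ld prints: mode links owner group size date name
    listing=$(ls -ld -- "$file")
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')

    # A setuid program runs with the identity of the file owner.
    [ "$owner" = "$want_owner" ] || findings="$findings wrong-owner"

    # -u is true when the set-user-ID bit is set (the "s" in -rwsr-xr-x).
    [ -u "$file" ] || findings="$findings no-setuid"

    # Group- or world-writable: 6th or 9th character of the mode string is "w".
    case $mode in
        ?????w*|????????w*) findings="$findings writable-by-others" ;;
    esac

    if [ -z "$findings" ]; then
        echo "ok"
        return 0
    fi
    echo "${findings# }"
    return 1
}

# Usage: sh check_suid.sh /bin/su [owner]
if [ -n "${1:-}" ]; then
    check_suid "$1" "${2:-root}"
fi
```

Run against a file in the state shown in step (1), it prints "wrong-owner no-setuid"; in the state shown in step (2), it prints "ok".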


Links
SUID SGID and fix-mode
Danger of SUID Shell Scripts

Tag
SUID SGID setuid set user id

Linux: Deny Access from Certain Machine

Problem
Wrongly configured automation scripts logged in to my VMware Linux and cleaned my environment!!

Solution
Prevent connections from the scripting machine sh-demo

Detailed Step
(1) Log in as root and edit the file /etc/hosts.deny
(2) Add one line and save; it takes effect immediately, with no restart, for services that use TCP wrappers

ALL:sh-demo
or
ALL:10.10.49.36

Links
Using TCP Wrappers to secure Linux
RedHat 9: Chapter 15 TCP Wrappers and xinetd

Tag
deny connection; /etc/hosts.deny; TCP wrapper