Thursday, October 16, 2008

Linux: su not working? SUID

Problem

On sh-demo, su is not working. It displays "incorrect password" even when the password is correct.


[jianli2@sh-demo ~]$ id
uid=500(jianli2) gid=500(jianli2) groups=500(jianli2)
[jianli2@sh-demo ~]$ su root
Password:
su: incorrect password
[jianli2@sh-demo ~]$

Solution
/bin/su should be a SUID file, but someone changed it. As root, change it back:

chmod 4755 /bin/su

SUID (set user ID) and SGID (set group ID): when set on a file, they cause any person or process that runs the file to have access to system resources as though they were the owner of the file (or, for SGID, a member of the file's group).

SUID: chmod 4000 filename

SGID: chmod 2000 filename

This is a very dangerous setting, and Linux by default ignores SUID and SGID on script files.


Detailed Step
(1) Find that the /bin/su file permission has been changed

+ ls -lt /bin/su
-rwxr-xr-x 1 ecarter root 27052 2007-04-02 23:33 /bin/su


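(2) As root, change the file's permissions back. The listing in step (1) also shows the owner as ecarter; the owner must be root, as in the listing below, for SUID to give su root privileges.

chmod 4755 /bin/su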

$ ls -lt /bin/su

-rwsr-xr-x 1 root root 27052 2007-04-02 23:33 /bin/su
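
An added example, not from the original post: a POSIX shell function that checks the two things the before and after listings above differ in (the owner and the `s` bit), plus group/other write access, for /bin/su or any other SUID binary. The name `check_suid`, its output format and its exit codes are this example's own.

```shell
#!/bin/sh
# check_suid FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, i.e. root)
# Returns 0 if FILE passes, 1 if any check fails, 2 if FILE is not a regular file.
check_suid() {
    cs_file=$1
    cs_want=${2:-0}
    cs_bad=0
    [ -f "$cs_file" ] || { echo "ERROR $cs_file: not a regular file"; return 2; }

    # "ls -ldn" prints the mode string and the numeric owner,
    # e.g. "-rwsr-xr-x 1 0 0 27052 ... /bin/su".
    read -r cs_mode cs_links cs_uid cs_rest <<EOF
$(ls -ldn -- "$cs_file")
EOF

    # SUID runs the program as the file's owner, so a SUID su owned by
    # an ordinary user would still not run as root.
    if [ "$cs_uid" != "$cs_want" ]; then
        echo "FAIL $cs_file: owner uid is $cs_uid, expected $cs_want"
        cs_bad=1
    fi

    # 4th character of the mode string: s = SUID + execute,
    # S = SUID without execute, x or - = no SUID.
    case $cs_mode in
        ???s*) ;;
        ???S*) echo "FAIL $cs_file: SUID set but owner execute missing ($cs_mode)"
               cs_bad=1 ;;
        *)     echo "FAIL $cs_file: SUID bit not set ($cs_mode)"
               cs_bad=1 ;;
    esac

    # 6th and 9th characters: write permission for group and others.
    case $cs_mode in
        ?????w*|????????w*)
            echo "FAIL $cs_file: writable by group or others ($cs_mode)"
            cs_bad=1 ;;
    esac

    [ "$cs_bad" -eq 0 ] && echo "OK $cs_file: $cs_mode uid=$cs_uid"
    return "$cs_bad"
}

# Run as a script: sh check_suid.sh /bin/su
if [ "$#" -gt 0 ]; then check_suid "$@"; fi
```

On the host in this post, the step (1) listing would fail both the owner check and the SUID check, and the step (2) listing would pass.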


Links
SUID SGID and fix-mode
Danger of SUID Shell Scripts
