# su - takes a long time to process

## madchaz

I'm having a problem with doing su at the moment on my home server. When I use su to switch to root (with su - or just su), it takes between 30 to 60 seconds to login. The issue is only from a normal user to root, not the other way around. 

I also ONLY have the issue when I use su. Getting in as root directly (at the console or via ssh) works without any delay. 

I don't have the kerberos use flag and haven't configured anything fancy for authentication, so I'm a bit lost. 

I don't see anything in messages or /var/log that points me to the right place. 

The whole thing started while I was trying to get xforwarding to work with ssh, so it's likely I changed something I shouldn't have. Just not sure what ...

Edit: To clarify, I do su -, press enter, get asked my password, wait 30+ sec, get root prompt.

----------

## Hu

What does dev-util/strace show happening during the stalled period?

----------

## madchaz

I tried using the command below to trace it (once I had installed strace), but I get an authentication failure if I try to launch su with strace

```
madchaz@sonofboo ~ $ strace -o su.log /bin/su -

Password:

su: Authentication failure

madchaz@sonofboo ~ $

```

it works fine if I just do su - (except for the stated problem)

maybe I'm using it wrong?

----------

## Hu

Yes.  Only root can strace a process under a user ID other than the invoker of strace.  The simplest solution would be to have a root shell strace your normal shell and its children, then su from that traced shell.

----------

## madchaz

```
Process 7418 attached - interrupt to quit

read(0, "s", 1)                         = 1

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

write(2, "s", 1)                        = 1

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

read(0, "u", 1)                         = 1

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

write(2, "u", 1)                        = 1

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

read(0, " ", 1)                         = 1

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

write(2, " ", 1)                        = 1

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

read(0, "-", 1)                         = 1

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

write(2, "-", 1)                        = 1

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

read(0, "\r", 1)                        = 1

write(2, "\n", 1)                       = 1

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigaction(SIGINT, {0x808be70, [], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigaction(SIGTERM, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGALRM, {0x808bc32, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM SYS], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigaction(SIGTSTP, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGTTOU, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGTTIN, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGWINCH, {0x808bab4, [], 0}, {0x80bf9d0, [], SA_RESTART}, 8) = 0

rt_sigaction(SIGINT, {0x808be70, [], 0}, {0x808be70, [], 0}, 8) = 0

time(NULL)                              = 1291907528

stat64(".", {st_mode=S_IFDIR|0770, st_size=4096, ...}) = 0

stat64("/usr/local/bin/su", 0xbfaf5a30) = -1 ENOENT (No such file or directory)

stat64("/usr/bin/su", 0xbfaf5a30)       = -1 ENOENT (No such file or directory)

stat64("/bin/su", {st_mode=S_IFREG|S_ISUID|0711, st_size=26760, ...}) = 0

stat64("/bin/su", {st_mode=S_IFREG|S_ISUID|0711, st_size=26760, ...}) = 0

geteuid32()                             = 1000

getegid32()                             = 100

getuid32()                              = 1000

getgid32()                              = 100

access("/bin/su", X_OK)                 = 0

stat64("/bin/su", {st_mode=S_IFREG|S_ISUID|0711, st_size=26760, ...}) = 0

geteuid32()                             = 1000

getegid32()                             = 100

getuid32()                              = 1000

getgid32()                              = 100

access("/bin/su", R_OK)                 = -1 EACCES (Permission denied)

stat64("/bin/su", {st_mode=S_IFREG|S_ISUID|0711, st_size=26760, ...}) = 0

stat64("/bin/su", {st_mode=S_IFREG|S_ISUID|0711, st_size=26760, ...}) = 0

geteuid32()                             = 1000

getegid32()                             = 100

getuid32()                              = 1000

getgid32()                              = 100

access("/bin/su", X_OK)                 = 0

stat64("/bin/su", {st_mode=S_IFREG|S_ISUID|0711, st_size=26760, ...}) = 0

geteuid32()                             = 1000

getegid32()                             = 100

getuid32()                              = 1000

getgid32()                              = 100

access("/bin/su", R_OK)                 = -1 EACCES (Permission denied)

rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0

rt_sigprocmask(SIG_BLOCK, [CHLD], [INT CHLD], 8) = 0

rt_sigprocmask(SIG_SETMASK, [INT CHLD], NULL, 8) = 0

pipe([3, 4])                            = 0

clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb75cf938) = 7452

setpgid(7452, 7452)                     = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0

close(3)                                = 0

close(4)                                = 0

ioctl(255, TIOCGPGRP, [7418])           = 0

rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [CHLD], 8) = 0

ioctl(255, TIOCSPGRP, [7452])           = 0

rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0

waitpid(-1,

```

this is where it hangs for a while. Once the SU finishes getting logged on, it still displays the same thing. 

Once I leave the su session, I get this

```
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED|WCONTINUED) = 7483

rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [CHLD], 8) = 0

ioctl(255, TIOCSPGRP, [7418])           = 0

rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0

ioctl(255, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0

ioctl(255, TIOCGWINSZ, {ws_row=60, ws_col=156, ws_xpixel=1248, ws_ypixel=900}) = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

--- SIGCHLD (Child exited) @ 0 (0) ---

waitpid(-1, 0xbfaf576c, WNOHANG|WSTOPPED|WCONTINUED) = -1 ECHILD (No child processes)

sigreturn()                             = ? (mask now [])

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

rt_sigaction(SIGINT, {0x808be70, [], 0}, {0x808be70, [], 0}, 8) = 0

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

write(1, "\33]0;madchaz@sonofboo:~\7", 23) = 23

time(NULL)                              = 1291907697

stat64("/var/mail/madchaz", 0xbfaf544c) = -1 ENOENT (No such file or directory)

time(NULL)                              = 1291907697

rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [], 8) = 0

ioctl(255, TIOCSPGRP, [7418])           = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigaction(SIGINT, {0x808be70, [], 0}, {0x808be70, [], 0}, 8) = 0

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

ioctl(0, TIOCGWINSZ, {ws_row=60, ws_col=156, ws_xpixel=1248, ws_ypixel=900}) = 0

ioctl(0, TIOCSWINSZ, {ws_row=60, ws_col=156, ws_xpixel=1248, ws_ypixel=900}) = 0

ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0

ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, [INT QUIT ALRM TERM TSTP TTIN TTOU], [], 8) = 0

rt_sigaction(SIGINT, {0x80bfaa3, [], 0}, {0x808be70, [], 0}, 8) = 0

rt_sigaction(SIGTERM, {0x80bfaa3, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGTERM, {SIG_IGN, [], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigaction(SIGQUIT, {0x80bfaa3, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigaction(SIGALRM, {0x80bfaa3, [], 0}, {0x808bc32, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM SYS], 0}, 8) = 0

rt_sigaction(SIGTSTP, {0x80bfaa3, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGTSTP, {SIG_IGN, [], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigaction(SIGTTOU, {0x80bfaa3, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGTTOU, {SIG_IGN, [], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigaction(SIGTTIN, {0x80bfaa3, [], 0}, {SIG_IGN, [], 0}, 8) = 0

rt_sigaction(SIGTTIN, {SIG_IGN, [], 0}, {0x80bfaa3, [], 0}, 8) = 0

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigaction(SIGWINCH, {0x80bf9d0, [], SA_RESTART}, {0x808bab4, [], 0}, 8) = 0

rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0

write(2, "\33[01;32mmadchaz@sonofboo\33[01;34m"..., 42) = 42

rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

read(0,

```

----------

## Hu

That output looks wrong.  Either you did not trace children, in which case strace did not even monitor the faulty process, or you traced children to individual files, and posted the strace data for the parent process, rather than the faulty one.  Please try again and be sure to trace all children to a single output file.  Also, take care to mask out your root password, since strace will show you typing it.

----------

## madchaz

```
[pid 10538] open("/home/madchaz/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)

[pid 10538] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0

[pid 10538] rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0

[pid 10538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0

[pid 10538] nanosleep({2, 0}, 0xbfa7c6b4) = 0

```

I get this about a thousand time before it finally gives up and goes to root. Not sure why it's refusing to open .Xauthority-c, the file doesn't exist. .Xauthority does, but it gets re-created when I login

----------

## martinkunev

I just had the same problem. It turned out that I have wrongly set owner and permissions for /home this way:

```
# ls -ld /home

drwxr-x--- 4 root users 4.0K Mar 19 17:50 /home/
```

I added execution permissions for others and now everything works fine:

```
chmod o+x /home
```

----------

