# Su problem - Wheel okay, SUID okay - [resolved]

## oezi

Hey everybody!

  I finally resort to the forum since I really can't figure it out.

Output from doing su:

```
bash-2.05b$ su
Password:
su: Authentication failure
Sorry.
```

(and yes the password I enter is root's passwd)

Output of call to 'groups'

```
bash-2.05b$ groups
wheel audio users slocate
```

From 'group':

```
HisTop etc # less group | grep wheel
wheel:x:10:root,oezi,temp
```

Passwd file:

```
HisTop log # less /etc/passwd | grep oezi
oezi:x:1000:100::/home/oezi:/bin/bash
```

Access rights:

```
HisTop log # ls -l /etc/passwd /etc/shadow /bin/su /sbin/unix_chkpwd
-rwsr-xr-x    1 root     root        24304 Feb 20 04:36 /bin/su
-rw-r--r--    1 root     root         1867 Feb  8 16:48 /etc/passwd
-rw-------    1 root     root          533 Feb  8 16:48 /etc/shadow
-r-sr-xr-x    1 root     root        19088 Feb 20 04:55 /sbin/unix_chkpwd
```

Pam file:

```
HisTop etc # cat pam.d/su
#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
# Uncomment this to allow users in the wheel group to su without entering a passwd.
#auth       sufficient   /lib/security/pam_wheel.so use_uid trust debug
# Comment this to allow any user, even those not in the 'wheel' group to su
auth       required     /lib/security/pam_wheel.so use_uid debug
auth       required     /lib/security/pam_stack.so service=system-auth debug
account    required     /lib/security/pam_stack.so service=system-auth debug
password   required     /lib/security/pam_stack.so service=system-auth debug
session    required     /lib/security/pam_stack.so service=system-auth debug
session    optional     /lib/security/pam_xauth.so
```

From /var/log/messages:

```
Feb 20 06:05:35 HisTop PAM-Wheel[7341]: Ignoring access request 'oezi' for 'root'
Feb 20 06:05:35 HisTop pam_stack[7341]: called for "PAM_AUTHENTICATE"
Feb 20 06:05:35 HisTop pam_stack[7341]: called from "su"
Feb 20 06:05:35 HisTop pam_stack[7341]: initializing
Feb 20 06:05:35 HisTop pam_stack[7341]: creating child stack `system-auth'
Feb 20 06:05:35 HisTop pam_stack[7341]: creating environment
Feb 20 06:05:35 HisTop pam_stack[7341]: NOT passing PAM_AUTHTOK to child: source is NULL
Feb 20 06:05:35 HisTop pam_stack[7341]: passing PAM_CONV to child
Feb 20 06:05:35 HisTop pam_stack[7341]: NOT passing PAM_FAIL_DELAY to child: source not set
Feb 20 06:05:35 HisTop pam_stack[7341]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
Feb 20 06:05:35 HisTop pam_stack[7341]: NOT passing PAM_RHOST to child: source is NULL
Feb 20 06:05:35 HisTop pam_stack[7341]: passing PAM_RUSER to child
Feb 20 06:05:35 HisTop pam_stack[7341]: passing PAM_SERVICE to child
Feb 20 06:05:35 HisTop pam_stack[7341]: passing PAM_TTY to child
Feb 20 06:05:35 HisTop pam_stack[7341]: passing PAM_USER to child
Feb 20 06:05:35 HisTop pam_stack[7341]: NOT passing PAM_USER_PROMPT to child: source is NULL
Feb 20 06:05:35 HisTop pam_stack[7341]: passing data to child
Feb 20 06:05:35 HisTop pam_stack[7341]: calling substack
Feb 20 06:05:39 HisTop unix_chkpwd[7342]: check pass; user unknown
Feb 20 06:05:39 HisTop su(pam_unix)[7341]: authentication failure; logname= uid=1000 euid=1000 tty=pts/0 ruser=oezi rhost=  user=root
Feb 20 06:05:39 HisTop pam_stack[7341]: substack returned 7 (Authentication failure)
Feb 20 06:05:39 HisTop pam_stack[7341]: passing PAM_AUTHTOK to parent
Feb 20 06:05:39 HisTop pam_stack[7341]: NOT passing PAM_CONV to parent: destination already set
Feb 20 06:05:39 HisTop pam_stack[7341]: passing PAM_FAIL_DELAY to parent
Feb 20 06:05:39 HisTop pam_stack[7341]: NOT passing PAM_OLDAUTHTOK to parent: source is NULL
Feb 20 06:05:39 HisTop pam_stack[7341]: NOT passing PAM_RHOST to parent: source is NULL
Feb 20 06:05:39 HisTop pam_stack[7341]: passing PAM_RUSER to parent
Feb 20 06:05:39 HisTop pam_stack[7341]: passing PAM_SERVICE to parent
Feb 20 06:05:39 HisTop pam_stack[7341]: passing PAM_TTY to parent
Feb 20 06:05:39 HisTop pam_stack[7341]: passing PAM_USER to parent
Feb 20 06:05:39 HisTop pam_stack[7341]: NOT passing PAM_USER_PROMPT to parent: source is NULL
Feb 20 06:05:39 HisTop pam_stack[7341]: passing data back
Feb 20 06:05:39 HisTop pam_stack[7341]: passing former back
Feb 20 06:05:39 HisTop pam_stack[7341]: returning 7 (Authentication failure)
Feb 20 06:05:41 HisTop su[7341]: pam_authenticate: Authentication failure
Feb 20 06:05:41 HisTop pam_stack[7341]: freeing stack data for `system-auth' service
```

What I tried so far:

  * Reinstalling pam, pam-login, coreutils, shadow with -O2

  * resetting group attributes

  * wheel::10:root,oezi (without the x)

  * uncommenting the line # auth       sufficient   /lib/security/pam_wheel.so use_uid trust debug

```
bash-2.05b$ su
su: Authentication service cannot retrieve authentication info.
Sorry.
```

  * strace (cannot work because strace does not propagate suid bit)

I'm really desperate... and hope it's not something really stupid.

Please tell me if any information is missing. I really tried to work with all the information available on the web and in the forum.

Christopher

Last edited by oezi on Tue Mar 02, 2004 6:08 pm; edited 1 time in total

----------
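Added example, not part of any post in this thread: the `su(pam_unix)` line in the log above reports `euid=1000`, whereas a setuid-root `su` runs with euid 0 even when the password is wrong. The function below picks such lines out of syslog text; the third sample line is constructed for contrast.

```shell
#!/bin/sh
# Added example: find su(pam_unix) failures where su was not running as root.
# A setuid-root su logs euid=0 even on a wrong password; any other euid means
# su ran without root privileges (setuid bit missing or ignored).

# Sample input: the first two lines are from the thread, the third is
# constructed (an ordinary wrong-password failure on a working setuid su).
sample_log() {
    cat <<'EOF'
Feb 20 06:05:39 HisTop unix_chkpwd[7342]: check pass; user unknown
Feb 20 06:05:39 HisTop su(pam_unix)[7341]: authentication failure; logname= uid=1000 euid=1000 tty=pts/0 ruser=oezi rhost=  user=root
Feb 20 06:09:12 HisTop su(pam_unix)[7410]: authentication failure; logname= uid=1001 euid=0 tty=pts/1 ruser=temp rhost=  user=root
EOF
}

# Reads syslog lines on stdin; prints "<ruser> <euid>" for each su failure
# that was logged with a non-root effective uid.
su_missing_root_euid() {
    awk '/ su\(pam_unix\)\[[0-9]+\]: authentication failure;/ {
        euid = ""; ruser = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^euid=/)  euid  = substr($i, 6)
            if ($i ~ /^ruser=/) ruser = substr($i, 7)
        }
        if (euid != "" && euid != "0") print ruser, euid
    }'
}

sample_log | su_missing_root_euid
```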

## oezi

Hey Guys!

  I tried some other random stuff today, when I noticed that my ping command doesn't work either when using a non-root user.

Since ICMP-sockets can only be opened by root-users I added SUID bits to ping.

```
chmod a+s /bin/ping
```

But it still doesn't work. Same with mount or umount.

Are the SUID bits maybe broken in general? Any ideas what else I could try to investigate? Thanks!

Christopher

----------

## oezi

Okay, I found the solution.

I had a wrong entry in my fstab which disabled suid bits.

Changing the line to

```
/dev/hda6       /     reiserfs        noatime              0 1
```

solved all my problems.

Thanks for having a look at the problem.

Christopher

----------

## rosowski

Did that solve your su issue though? I have the same problem here, after I backed up my system using only cp, without -a option (dumb me...).

My fstab says:

```
/dev/hda3               /               ext3            noatime                 0 0
```

but that's how it came from Gentoo, so I guess it's right this way.

Cheers,

Daniel

----------

## oezi

All my SUID bits for the individual files were set correctly, so after I removed the nosuid option from the fstab everything was working again.

What exactly isn't working? (suid bits, wheel group?)

Best greetings,

  Christopher

----------

## rosowski

The point is that I just wonder why you need to set your fstab entry for the root partition from 0 0 to 0 1, since I got it working by setting the suid bit too, but without the changes to the fstab.

Sorry, maybe it was a bit confusing.

----------

## oezi

I have to be sorry because my bug-fix report was not too clear:

The problem with the fstab was not because of 0 0 vs. 0 1 (these are for file-sys-checks I believe) but because I had "nosuid" (and some other stuff) where "noatime" is now. Check with "man mount" to get the full information on that. Apparently this option is for security reasons to completely disable suid bits at the kernel level.

Christopher

----------

## funeagle

Thank you, I had the same problem and now it's solved. But I think you did not tell directly that you had the users entry which disabled the suid bits.

I had it wrong as well:

```
/dev/hda6        /               reiserfs        users,exec                    0 0
```

removed the users and now it works.

----------
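Added example, not part of any post in this thread: per mount(8), `user` and `users` imply `noexec,nosuid,nodev` (and `owner`/`group` imply `nosuid,nodev`) unless a later option overrides them, which is why `users,exec` still disables setuid bits. The functions below resolve that for an option list and for fstab-format text; the sample fstab is constructed.

```shell
#!/bin/sh
# Added example: resolve whether an fstab option list leaves setuid enabled.
# Options are applied left to right, so a later explicit suid/nosuid wins
# over an earlier implied one (e.g. users,exec,suid).

# effective_suid OPTS -> prints "suid" or "nosuid"
effective_suid() {
    state=suid                       # default when no option says otherwise
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            nosuid|user|users|owner|group) state=nosuid ;;
            suid)                          state=suid ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$state"
}

# nosuid_mounts: read fstab-format text on stdin and print every mount point
# on which the kernel will ignore setuid bits.
nosuid_mounts() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ "$(effective_suid "$opts")" = nosuid ]; then
            printf '%s\n' "$mnt"
        fi
    done
}

# Constructed sample fstab (device names and mount points are illustrative).
sample_fstab() {
    cat <<'EOF'
# <fs>     <mnt>  <type>    <opts>            <dump/pass>
/dev/hda1  /boot  ext2      noauto,noatime    1 2
/dev/hda6  /      reiserfs  users,exec        0 0
/dev/hda7  /home  ext3      noatime,nosuid    0 2
/dev/hda8  /opt   ext3      users,exec,suid   0 2
EOF
}

sample_fstab | nosuid_mounts
```

On a live system the options actually in effect are listed in `/proc/mounts`, which can differ from `/etc/fstab` until the filesystem is remounted.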

## pjp

Moved from Installing Gentoo

----------

