I adjusted all file permissions that were 6000+ with chmod -s to secure my system. I've now made it so secure I can only log in as root by physically accessing the machine. When I perform su with my personal account I get an incorrect password error. I assume that whatever checks the password needs to run as root and is denied access it requires. Generally I would like more clarity on what happens when an su command is issued. I welcome your insights, thanks!

asked 19 May '10, 14:06

mdur's gravatar image

mdur
3613
accept rate: 50%




su will read the password file /etc/passwd.

If the real id of the user calling su is 0 (usually root), it will not ask for a password. Otherwise, it asks for the password of the target user and checks it against the password stored in /etc/shadow.

Then it gets shell details from /etc/passwd.

So su needs access to /etc/passwd and /etc/shadow.

su is one of the Gnu utilities that are found in the coreutils package. If you want to investigate it further, go to gnu.org and download the latest coreutils package and then look at the code in su.c. You don't have to read all the code, just the descriptive comments at the front. The Gnu utilities are usually very nicely documented internally.

link

answered 19 May '10, 15:05

codebunny's gravatar image

codebunny
40816
accept rate: 38%

It's generally not a good idea to go around changing permissions on system files unless you really know what you're doing. If you're looking for a good way to lock down your system checkout the guide from the NSA. http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

link

answered 19 May '10, 15:30

JD50's gravatar image

JD50
512
accept rate: 0%

Perhaps not, but it is a great way to learn, especially an insignificant machine or vm :)

Thanks for the link!

(19 May '10, 15:45) mdur

Most likely the mechanism for authentication being used is actually pam.

Specifically, /etc/pam.d/su and /etc/pam.d/su-l

link

answered 14 Jun '11, 11:40

rfelsburg's gravatar image

rfelsburg ♦
6061618
accept rate: 25%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×2
×1
×1

Asked: 19 May '10, 14:06

Seen: 4,487 times

Last updated: 14 Jun '11, 11:40

Related questions

powered by OSQA