I adjusted all file permissions that were 6000+ with chmod -s to secure my system. I've now made it so secure I can only log in as root by physically accessing the machine. When I perform su with my personal account I get an incorrect password error. I assume that whatever checks the password needs to run as root and is denied access it requires. Generally I would like more clarity on what happens when an su command is issued. I welcome your insights, thanks!
asked 19 May '10, 14:06
su will read the password file /etc/passwd.
If the real id of the user calling su is 0 (usually root), it will not ask for a password. Otherwise, it asks for the password of the target user and checks it against the password stored in /etc/shadow.
Then it gets shell details from /etc/passwd.
So su needs access to /etc/passwd and /etc/shadow.
su is one of the Gnu utilities that are found in the coreutils package. If you want to investigate it further, go to gnu.org and download the latest coreutils package and then look at the code in su.c. You don't have to read all the code, just the descriptive comments at the front. The Gnu utilities are usually very nicely documented internally.
answered 19 May '10, 15:05
It's generally not a good idea to go around changing permissions on system files unless you really know what you're doing. If you're looking for a good way to lock down your system checkout the guide from the NSA. http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
answered 19 May '10, 15:30
Most likely the mechanism for authentication being used is actually pam.
Specifically, /etc/pam.d/su and /etc/pam.d/su-l
answered 14 Jun '11, 11:40