Description of problem:
I'm logged in as user backes, then I try: "su -". I enter the correct pwd, but the login is rejected because of incorrect password. Logging in in some console is possible, and "sudo su -" too.

Version-Release number of selected component (if applicable):
coreutils-8.10-2.fc15.x86_64

How reproducible:
always

Steps to Reproduce:
1. su -
2. Enter root pwd
3.

Actual results:
su: incorrect password

Expected results:
Login performed

Additional info:
/var/log/secure in that case:
Mar 17 10:46:26 eule unix_chkpwd[15372]: check pass; user unknown
Mar 17 10:46:33 eule unix_chkpwd[15374]: check pass; user unknown
Mar 17 10:46:33 eule unix_chkpwd[15374]: password check failed for user (root)
Mar 17 10:46:33 eule su: pam_unix(su-l:auth): authentication failure; logname=backes uid=500 euid=500 tty=pts/0 ruser=backes rhost= user=root
Adding PAM maintainer to CC as he may have some insight to it/what to check. PAM support was consolidated with SUSE (it means rewritten) in 8.7-1.fc15 - and no one complained so far, so I wonder what went wrong on your machine. Is the issue new (caused by some update) or have you just installed the brand new F-15 and updated packages?
Are there any SELinux AVCs? 'ausearch -m AVC' What is in your /etc/nsswitch.conf?
(In reply to comment #2)
> Are there any SELinux AVCs? 'ausearch -m AVC'
>
> What is in your /etc/nsswitch.conf?

1. Selinux is disabled
2. /etc/nsswitch.conf: See attachment
3. ausearch -m AVC: see attachment
Created attachment 485997: /etc/nsswitch.conf
Created attachment 485999: Output of ausearch -m AVC
(In reply to comment #1)
> Adding PAM maintainer to CC as he may have some insight to it/what to check.
> PAM support was consolidated with SUSE (it means rewritten) in 8.7-1.fc15 - and
> no one complained so far, so I wonder what went wrong on your machine. Is the
> issue new (caused by some update) or have you just installed the brand new F-15
> and updated packages?

This is a freshly installed F15. I have a similar problem: after locking the screen, I cannot unlock it (passwd is not accepted: BZ 684653)
(In reply to comment #6)
> (In reply to comment #1)
> > Adding PAM maintainer to CC as he may have some insight to it/what to check.
> > PAM support was consolidated with SUSE (it means rewritten) in 8.7-1.fc15 - and
> > no one complained so far, so I wonder what went wrong on your machine. Is the
> > issue new (caused by some update) or have you just installed the brand new F-15
> > and updated packages?
>
> This is a freshly installed F15. I have a similar problem: after locking the screen,
> I cannot unlock it (passwd is not accepted: BZ 684653)

Sorry: I meant: this is a freshly installed F15 *+ all actual updates*
What does 'ls -l /bin/su' print?

Ondrej, were there any setuid related changes in su recently? The 'uid=500 euid=500' in the log message above actually looks very suspicious.
And also output of 'ls -l /sbin/unix_chkpwd' please.
(In reply to comment #9)
> And also output of 'ls -l /sbin/unix_chkpwd' please.

-rwsr-xr-x. 1 root root 32000 Feb 8 15:19 /sbin/unix_chkpwd
No, I'm not aware of any such change, su should still be suid root:root (4755) ...
By setting the s-bit on /bin/su, I got rid of my su problems :-( I don't know why it was lost. Thanks for your support :-)

JB
I checked the koji build and suid is present there, so closing NOTABUG. Feel free (to reopen and reassign) if you find out what cleared the suid...
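
The two checks that settled this report, as an added example that is not part of the original thread: flag su authentication failures logged with a non-root euid (the 'uid=500 euid=500' clue), and confirm the set-user-ID bit on the binaries discussed. The function names, the `want_uid` parameter and the second and third sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of the original report.

# Print su auth-failure lines whose euid is not 0. A setuid-root su runs
# with euid=0, so any other euid means the binary ran without its s-bit.
su_failures_without_root_euid() {
    awk '/ su: pam_unix\(su[^)]*:auth\): authentication failure/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^euid=[0-9]+$/ && $i != "euid=0") { print; next }
    }'
}

# Succeed only if FILE has the set-user-ID bit and is owned by WANT_UID.
# WANT_UID defaults to 0 (root); it is a parameter (an assumption of this
# example) so the check can be exercised on a scratch file without root.
is_setuid_for() {
    file=$1
    want_uid=${2:-0}
    [ -u "$file" ] || return 1
    owner=$(ls -ldn "$file" | awk '{ print $3 }')
    [ "$owner" = "$want_uid" ]
}

# First line is the entry quoted in the report; the other two are constructed.
SAMPLE_LOG='Mar 17 10:46:33 eule su: pam_unix(su-l:auth): authentication failure; logname=backes uid=500 euid=500 tty=pts/0 ruser=backes rhost= user=root
Mar 17 11:02:10 eule su: pam_unix(su-l:auth): authentication failure; logname=backes uid=500 euid=0 tty=pts/0 ruser=backes rhost= user=root
Mar 17 11:05:41 eule sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.7 user=backes'

echo "su failures logged without root euid:"
printf '%s\n' "$SAMPLE_LOG" | su_failures_without_root_euid

# Paths are the two binaries examined in this report.
for f in /bin/su /sbin/unix_chkpwd; do
    if is_setuid_for "$f"; then
        echo "$f: setuid root"
    else
        echo "$f: NOT setuid root (this report expects mode 4755, owner root)"
    fi
done
```

On an RPM-based system, `rpm -V coreutils` compares installed file modes against the package database and would report the same lost bit.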