Bug 688521 - Cannot login into root with "su -"
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: coreutils
Version: 15
Severity: high
Assigned To: Ondrej Vasik
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-03-17 05:54 EDT by Joachim Backes
Modified: 2011-03-17 09:54 EDT

Last Closed: 2011-03-17 09:54:01 EDT
Attachments:
/etc/nsswitch.conf (1.68 KB, text/plain), 2011-03-17 08:56 EDT, Joachim Backes
Output of ausearch -m AVC (1.33 MB, text/plain), 2011-03-17 08:57 EDT, Joachim Backes

Description Joachim Backes 2011-03-17 05:54:29 EDT
Description of problem:
I'm logged in as user backes, then I try: "su -". I enter the correct pwd, but the login is rejected because of incorrect password.

Logging in in some console is possible, and "sudo su -" too.

Version-Release number of selected component (if applicable):
coreutils-8.10-2.fc15.x86_64

How reproducible:
always

Steps to Reproduce:
1. su -
2. Enter root pwd

Actual results:
su: incorrect password

Expected results:
Login performed


Additional info:
/var/log/secure in that case:

Mar 17 10:46:26 eule unix_chkpwd[15372]: check pass; user unknown
Mar 17 10:46:33 eule unix_chkpwd[15374]: check pass; user unknown
Mar 17 10:46:33 eule unix_chkpwd[15374]: password check failed for user (root)
Mar 17 10:46:33 eule su: pam_unix(su-l:auth): authentication failure; logname=backes uid=500 euid=500 tty=pts/0 ruser=backes rhost=  user=root
Comment 1 Ondrej Vasik 2011-03-17 07:52:26 EDT
Adding PAM maintainer to CC as he may have some insight to it/what to check. PAM support was consolidated with SUSE (it means rewritten) in 8.7-1.fc15 - and no one complained so far, so I wonder what went wrong on your machine. Is the issue new (caused by some update) or you have just installed the brand new F-15 and updated packages?
Comment 2 Tomas Mraz 2011-03-17 08:19:21 EDT
Are there any SELinux AVCs? 'ausearch -m AVC'

What is in your /etc/nsswitch.conf?
Comment 3 Joachim Backes 2011-03-17 08:55:18 EDT
(In reply to comment #2)
> Are there any SELinux AVCs? 'ausearch -m AVC'
> 
> What is in your /etc/nsswitch.conf?

1. SELinux is disabled
2. /etc/nsswitch.conf: See attachment
3. ausearch -m AVC: see attachment
Comment 4 Joachim Backes 2011-03-17 08:56:10 EDT
Created attachment 485997
/etc/nsswitch.conf
Comment 5 Joachim Backes 2011-03-17 08:57:21 EDT
Created attachment 485999
Output of ausearch -m AVC
Comment 6 Joachim Backes 2011-03-17 09:02:27 EDT
(In reply to comment #1)
> Adding PAM maintainer to CC as he may have some insight to it/what to check.
> PAM support was consolidated with SUSE (it means rewritten) in 8.7-1.fc15 - and
> no one complained so far, so I wonder what went wrong on your machine. Is the
> issue new (caused by some update) or you have just installed the brand new F-15
> and updated packages?

This is a freshly installed F15. I have a similar problem: after locking screen, I cannot unlock screen (passwd is not accepted: BZ 684653)
Comment 7 Joachim Backes 2011-03-17 09:10:51 EDT
(In reply to comment #6)
> (In reply to comment #1)
> > Adding PAM maintainer to CC as he may have some insight to it/what to check.
> > PAM support was consolidated with SUSE (it means rewritten) in 8.7-1.fc15 - and
> > no one complained so far, so I wonder what went wrong on your machine. Is the
> > issue new (caused by some update) or you have just installed the brand new F-15
> > and updated packages?
> 
> This is a freshly installed F15. I have a similar problem: after locking screen,
> I cannot unlock screen (passwd is not accepted: BZ 684653)

Sorry: I meant: this is a freshly installed F15 *+ all actual updates*
Comment 8 Tomas Mraz 2011-03-17 09:15:47 EDT
What does 'ls -l /bin/su' print?

Ondrej, were there any setuid related changes in su recently? The 'uid=500 euid=500' in the log message above actually looks very suspicious.
Comment 9 Tomas Mraz 2011-03-17 09:16:53 EDT
And also the output of 'ls -l /sbin/unix_chkpwd' please.
Comment 10 Joachim Backes 2011-03-17 09:30:45 EDT
(In reply to comment #9)
> And also the output of 'ls -l /sbin/unix_chkpwd' please.

-rwsr-xr-x. 1 root root 32000 Feb  8 15:19 /sbin/unix_chkpwd
Comment 11 Ondrej Vasik 2011-03-17 09:32:02 EDT
No, I'm not aware of any such change, su should still be suid root:root (4755) ...
Comment 12 Joachim Backes 2011-03-17 09:40:03 EDT
By setting the s-bit on /bin/su, I got rid of my su problems :-(

I don't know why it was lost.

Thanks for your support :-)

JB
Comment 13 Ondrej Vasik 2011-03-17 09:54:01 EDT
I checked the koji build and suid is present there, so closing NOTABUG. Feel free (to reopen and reassign) if you find out what cleared the suid...
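
As an added example (not part of the bug thread and not Fedora's own tooling), the two checks the maintainers asked for in comments 8 to 11 can be scripted: flag su authentication failures logged with a non-zero euid, and confirm that a binary is still setuid and root-owned. The function names, the sample log lines and the optional owner-uid argument are assumptions, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example: triage for "su: incorrect password" when su lost its setuid bit.

# Read syslog lines on stdin and print pam_unix su auth failures whose euid is
# not 0. A setuid-root su authenticates with euid=0, so any other value means
# the binary ran with the caller's privileges. Exit status 0 if a line matched.
flag_nonroot_su() {
    awk '
        /pam_unix\(su(-l)?:auth\): authentication failure/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^euid=[0-9]+$/ && $i != "euid=0") { print; hit = 1; break }
        }
        END { exit !hit }
    '
}

# Report whether FILE still looks like comment 11 expects su to look:
# setuid bit set and owned by root. The optional second argument (an
# assumption, for testing as a non-root user) overrides the expected uid.
suid_status() {
    file=$1 want_uid=${2:-0}
    [ -f "$file" ] || { echo missing; return 0; }
    mode=$(stat -c %a "$file")     # GNU stat, octal mode, e.g. 4755
    owner=$(stat -c %u "$file")
    if [ ! -u "$file" ]; then
        echo "setuid-cleared mode=$mode"
    elif [ "$owner" != "$want_uid" ]; then
        echo "wrong-owner uid=$owner mode=$mode"
    else
        echo "ok mode=$mode"
    fi
}

# Constructed sample lines in the format of the /var/log/secure excerpt above:
# the first has euid=500 (setuid lost), the second euid=0 (plain wrong password).
SAMPLE_LOG='Mar 17 10:46:33 host su: pam_unix(su-l:auth): authentication failure; logname=alice uid=500 euid=500 tty=pts/0 ruser=alice rhost=  user=root
Mar 17 10:50:02 host su: pam_unix(su-l:auth): authentication failure; logname=alice uid=500 euid=0 tty=pts/0 ruser=alice rhost=  user=root'

printf '%s\n' "$SAMPLE_LOG" | flag_nonroot_su || true
suid_status /bin/su
```

On an RPM-based system, `rpm -Vf /bin/su` reports mode changes against the package database, and `rpm --setperms coreutils` restores the packaged permissions.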
