Bug 49165 - can't su to root, already a member of wheel group and su has correct permissions
Summary: can't su to root, already a member of wheel group and su has correct permissions
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High major
Assignee: Gentoo's Team for Core System packages
Reported: 2004-04-27 07:49 UTC by Roshan
Modified: 2004-05-27 21:47 UTC
Description Roshan 2004-04-27 07:49:57 UTC
I cannot su to root, but can su from root to another user.  I know the password is correct because I can login as root.  I am part of the wheel group (verified with groups command).  I have tried remerging pam, and that did not help the issue.  

Reproducible: Always
Steps to Reproduce:
1. login as regular user
2. type 'su' and type password


Actual Results:  
It responds:  "Authentication failed...Sorry"

Expected Results:  
changed me to root

kernel 2.6.5 (mm)
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2004-04-27 14:23:48 UTC
Please include the output of emerge --info as requested on the bug submission
page.
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2004-04-27 14:24:24 UTC
oops.  Got a little carried away with the clicking.
Comment 3 Roshan 2004-04-27 18:45:33 UTC
Gentoo Base System version 1.4.3.13
Portage 2.0.50-r6 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.5-mm6)
=================================================================
System uname: 2.6.5-mm6 i686 AMD Athlon(tm) Processor
Autoconf: sys-devel/autoconf-2.58
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X aalib apm arts avi berkdb bonobo crypt cups encode esd foomaticdb gdbm gif gnome gpm gtk gtk2 gtkhtml guile imlib java jpeg kde libg++ libwww mad mikmod motif mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png ppds python qt quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml2 xmms xv zlib"

Comment 4 Ben Slote 2004-05-01 11:59:06 UTC
Please take a look at this and see if it fixes your problem http://forums.gentoo.org/viewtopic.php?t=11126
Comment 5 Mr. Bones. (RETIRED) gentoo-dev 2004-05-01 14:40:43 UTC
This looks invalid to me.  Please look over the solutions laid out in the 
forums and reopen if you still have issues.  Thanks.
Comment 6 Roshan 2004-05-02 19:50:55 UTC
I am sorry, but I had read most of those posts earlier, and I had my /bin/su permissions the way the posts have suggested.  To be sure, I ran:

chmod 4755 /bin/su

And then logged out, logged in as normal user, and still couldn't su, getting an error message about authentication.

Appreciate all of your help.
Comment 7 Roshan 2004-05-22 21:24:11 UTC
In trying to debug, I decided to create a new user and follow the forums exactly to see the su problem.  In doing so I found another problem that may be related to this one.  I could not login!  As root, this was the command I issued to add the new user:

useradd temp -G users -p temp

I switched to another framebuffer (I think that is what it is called, when you push ctrl+alt+f*) and tried to login using:

username:  temp
password:  temp

But to no avail.  Also, I found no "temp" directory in the /home directory.  The error message I received was:

Login incorrect

Here is the log from /var/log/message:

May 22 23:17:38 rosh-linux useradd[7471]: new user: name=temp, uid=1002, gid=100, home=/home/temp, shell=/bin/bash
May 22 23:17:38 rosh-linux useradd[7471]: add `temp' to group `users'
May 22 23:17:38 rosh-linux useradd[7471]: add `temp' to shadow group `users'
May 22 23:17:45 rosh-linux login(pam_unix)[7396]: authentication failure; logname= uid=0 euid=0 tty=/dev/vc/2 ruser= rhost=  user=temp
May 22 23:17:47 rosh-linux login[7396]: FAILED LOGIN 1 FROM /dev/vc/2 FOR temp, Authentication failure
May 22 23:18:00 rosh-linux CRON[7474]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
May 22 23:19:00 rosh-linux CRON[7506]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
May 22 23:20:00 rosh-linux CRON[7517]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )

Hope this helps and thanks for all your help.
Comment 8 Jay Pfeifer (RETIRED) gentoo-dev 2004-05-22 21:50:01 UTC
You cannot use a clear text password & the -p option of useradd (try man useradd). You must provide it using crypt()... or just use passwd <user> to set the password.

Also, you are sure the user is in the wheel group? 'grep wheel /etc/group' and ensure you see the user (looks something like this):

wheel:x:10:root,<user>

Jay
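
Why "-p temp" left an account nobody could log in to: useradd stores the -p argument verbatim in the password field of /etc/shadow, where the login code expects crypt() output. The check below is an added example, not part of the bug report; it classifies the password field of shadow-format lines, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field (2nd field) of shadow-format
# lines read from stdin. Prints "user:status" for every line.

# Constructed sample in /etc/shadow layout; the hashes are placeholders with
# the right shape only, and "temp:temp" mimics a clear-text -p argument.
sample_shadow() {
    cat <<'EOF'
root:$1$abcdefgh$0123456789ABCDEFGHIJKl:12564:0:99999:7:::
temp:temp:12564:0:99999:7:::
daemon:*:9797:0:::::
guest::12564:0:99999:7:::
old:ab01FAX.bQRSU:12564:0:99999:7:::
EOF
}

audit_shadow_fields() {
    awk -F: '
    {
        pw = $2
        first = substr(pw, 1, 1)
        if (pw == "")
            status = "empty"        # no password set at all
        else if (first == "!" || first == "*")
            status = "locked"       # password login disabled
        else if (pw ~ /^[$][0-9a-z]+[$]./)
            status = "hashed"       # modular crypt format: $id$salt$hash
        else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
            status = "hashed"       # traditional 13-character DES crypt
        else
            status = "not-a-hash"   # cannot be crypt() output; login always fails
        print $1 ":" status
    }'
}

# Only the accounts whose field cannot be the output of crypt().
# Limitation: a clear-text value that happens to be 13 characters from the
# DES alphabet is indistinguishable from a DES hash by shape alone.
unusable_accounts() {
    audit_shadow_fields | awk -F: '$2 == "not-a-hash" { print $1 }'
}

sample_shadow | audit_shadow_fields
```

On a live system the input is /etc/shadow, which only root can read.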
Comment 9 Seemant Kulleen (RETIRED) gentoo-dev 2004-05-23 11:08:35 UTC
Your useradd command (I'll repeat what Jay said: man useradd is your friend!!!) did NOT add a home directory for your "temp" user -- of course the login will fail.  I'd suggest you emerge superadduser and use that instead, or read the man page.
Comment 10 Roshan 2004-05-25 16:29:21 UTC
Adding another user using the proper procedure did not work.  I just ran "emerge pam shadow pam-login" and still doesn't work.  What should /etc/pam.d/login look like?  Mine looks like:

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so

account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so


output of 'grep wheel /etc/group' :

wheel::10:root,roshan
Comment 11 Aron Griffis (RETIRED) gentoo-dev 2004-05-25 18:59:10 UTC
Roshan, it appears you have two problems in this bug.  The first is that you can't su to root as a normal user.  Regarding your pam configuration, it looks exactly like mine.  I don't know at this point what problem you are encountering except that I'm very doubtful it is a problem in the Gentoo system.

The second problem is that you can't login as the user "temp" using the password "temp".  You need to login as root, set the password for temp using "passwd temp", then you will be able to login as that user.  Contrary to what Seemant said, you don't actually need the home directory to exist.

Both problems here are actually "user error", meaning that there is no real bug (yet) in the Gentoo system, just a bug in your usage of the system.  You need to look into the forums and/or the mailing lists for help.  bugs.gentoo.org is a bug-tracking system, not a user support system.  Sorry I can't be more helpful, but there are bugs to chase...
Comment 12 Roshan 2004-05-25 21:12:16 UTC
Ok, I believe there is only one problem in this bug.  The deal with the temp user was already fixed, I apologize for not mentioning that in my last post, it was just my incorrect usage of the useradd command.

The only bug I meant to report here was the not being able to su.  I have scoured the forums, and run into three main solutions:

check if I am in the 'wheel' group
check the permissions on /bin/su
emerge pam shadow pam-login

I have done all of these things and nothing seems to work.  I do understand that there are other bugs to deal with, so I was wondering if anyone could give me other leads than these.  I will leave this as 'resolved invalid' because I trust your (aron) expertise more than mine.  However, it seems that if all the config files are correct, it would be a weird problem with gentoo.  Are there any results I could post that would help us understand that?  Something from the logs or dmesg or something like that?

Anyway, I appreciate all the help and will continue looking, thanks again.
Comment 13 Seemant Kulleen (RETIRED) gentoo-dev 2004-05-25 22:29:30 UTC
Did you log your user out and back in after adding them to the wheel group?
Comment 14 Roshan 2004-05-26 06:42:37 UTC
1. type groups and find I am part of the wheel group
2. Reboot
3. login as user, type groups to see if I am in wheel group, then try to su.
4. Failed with "authentication failure" message
5. login as root, password is correct
6. su to regular user, this works fine

Thanks for all the help and I look forward to any other suggestions.
Comment 15 Aron Griffis (RETIRED) gentoo-dev 2004-05-26 07:30:34 UTC
I just did this on my personal system:

root@time / # useradd temp
root@time / # passwd temp
New UNIX password: (temp)
Retype new UNIX password: (temp)
root@time / # ssh temp@localhost
Password: (temp)
Could not chdir to home directory /home/temp: No such file or directory
/usr/X11R6/bin/xauth:  error in locking authority file /home/temp/.Xauthority
temp@time / $ su
Password: (my root password)
su: Permission denied
Sorry.
temp@time / $ logout
Connection to localhost closed.

All of that is expected because temp isn't in the wheel group.  Second try:

root@time / # usermod -G wheel temp
root@time / # ssh temp@localhost
Password: (temp)
Could not chdir to home directory /home/temp: No such file or directory
/usr/X11R6/bin/xauth:  error in locking authority file /home/temp/.Xauthority
temp@time / $ su
Password: (my root password)
root@time / #

So it worked for me once temp was in the wheel group.  Here is some information about my system:

$ epm -qG shadow pam pam-login
sys-apps/shadow-4.0.4.1-r1
sys-libs/pam-0.77-r1
sys-apps/pam-login-3.14

$ epm -V shadow pam pam-login
..?.....   /etc/default/useradd
..?.....   /etc/securetty
missing    /etc/pam.d/system-auth.new
..?.....   /etc/login.access
..?.....   /lib/security/pam_filter/upperLOWER
missing    /var/run/console/.keep
..?.....   /sbin/pam_timestamp_check
..5....T   /usr/share/man/man1/login.1.gz

$ ls -ld /bin/su
-rwsr-xr-x  1 root root 22K May 25 21:52 /bin/su*

$ grep temp /etc/passwd
temp:x:10210:100::/home/temp:/bin/bash

$ grep wheel /etc/group
wheel:x:10:root,agriffis,amg,temp

$ sudo grep temp /etc/shadow
temp:$1$/Fvd4UCf$4khvi/A5WCGuYzkpkRG6x/:12564:0:99999:7:::

$ uname -r
2.6.6-rc3  (however I'm running 2.6.5-mm1 on another system)

Does any of this help?
Comment 16 Aron Griffis (RETIRED) gentoo-dev 2004-05-26 07:32:09 UTC
This worked better as root so it could read the files:

root@time / # epm -V shadow pam pam-login
missing    /etc/pam.d/system-auth.new
missing    /var/run/console/.keep
..5....T   /usr/share/man/man1/login.1.gz
Comment 17 Roshan 2004-05-26 08:45:15 UTC
Thanks for all the help, Aron.  I figured out how to add the temp user, but no dice on su'ing using it.  Another thing that I noticed that was different is in my /etc/group file.  This is mine again:

wheel::10:root,roshan

This is Aron's:

wheel:x:10:root,agriffis,amg,temp

The difference that I thought might have anything to do with it is the 'x' between the 2 colons.  What is that 'x' and does it make a difference?
Comment 18 Jay Pfeifer (RETIRED) gentoo-dev 2004-05-26 09:04:20 UTC
The 'x' is for the group password (man group). Whether it is blank or 'x' will not be the reason you cannot su to root.

Jay
Comment 19 Aron Griffis (RETIRED) gentoo-dev 2004-05-26 09:24:03 UTC
Ok, try this:

In one terminal, as "temp":

  temp@localhost $ bash -c 'echo $$; sleep 30; exec /bin/su'

In a second terminal, as "root":

  root@localhost # strace -p [output of echo $$ above] 2>&1 | tee strace.out

Then take a look through the strace output to see if you can find any problems.  You could also use ltrace instead of strace, but the output will be much more verbose.
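
For working with the strace.out that the two-terminal procedure above produces, an added example that is not part of the original comment: triage_trace pulls out the effective UID and the EACCES failures of the traced setuid program, and redact_trace masks what was typed on the terminal, since strace records the bytes read at the Password: prompt. The function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: two filters for the strace output of a setuid program
# such as /bin/su. Both read the trace on stdin.

# Constructed sample shaped like strace output; the typed password
# "hunter2-example" is made up.
sample_trace() {
    cat <<'EOF'
execve("/bin/su", ["/bin/su"], [/* 47 vars */]) = 0
getuid32()                              = 1000
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
write(2, "Password: ", 10)              = 10
read(0, "hunter2-example\n", 511)       = 16
geteuid32()                             = 1000
write(4, "hunter2-example\0", 16)       = 16
EOF
}

# Report the exec'd program, each distinct effective UID, and every path
# whose open() failed with EACCES. A setuid-root binary that took effect
# reports euid 0; a non-zero euid means it did not (binary not setuid root,
# filesystem mounted nosuid, or privileges withheld because of the tracer).
triage_trace() {
    awk '
    index($0, "execve(") == 1 && $NF == "0" {
        split($0, q, "\""); print "exec " q[2]; next
    }
    index($0, "geteuid32()") == 1 || index($0, "geteuid()") == 1 {
        if (!($NF in seen)) { seen[$NF] = 1; print "euid " $NF }
        if ($NF != "0") nonroot = 1
        next
    }
    index($0, "open(") == 1 && index($0, "EACCES") > 0 {
        split($0, q, "\"")
        if (!(q[2] in denied)) order[++n] = q[2]
        denied[q[2]]++
    }
    END {
        for (i = 1; i <= n; i++) print "denied " order[i] " x" denied[order[i]]
        if (nonroot) print "verdict euid-nonzero"
    }'
}

# Mask terminal input before the trace is shared. Anything read from fd 0
# is remembered and replaced wherever it reappears later, for example when
# it is written to a helper process over a pipe. Byte counts stay visible,
# and input containing an escaped double quote is only masked up to it.
redact_trace() {
    awk '
    # Replace every literal occurrence of s in line (no regex involved).
    function scrub(line, s,    out, p) {
        out = ""
        while ((p = index(line, s)) > 0) {
            out = out substr(line, 1, p - 1) "<redacted>"
            line = substr(line, p + length(s))
        }
        return out line
    }
    {
        if (index($0, "read(0, \"") == 1) {
            s = substr($0, 10)                    # text after the opening quote
            s = substr(s, 1, index(s, "\"") - 1)  # up to the closing quote
            if (substr(s, length(s) - 1) == "\\n")
                s = substr(s, 1, length(s) - 2)   # drop the escaped newline
            if (s != "") secret[++k] = s
        }
        for (i = 1; i <= k; i++) $0 = scrub($0, secret[i])
        print
    }'
}

# Redaction leaves the lines that triage_trace needs untouched.
sample_trace | redact_trace | triage_trace
```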
Comment 20 Roshan 2004-05-27 21:47:01 UTC
OK, ran strace, here are the results.  Before I post it, my inexperienced eyes saw two things that seemed wrong:  could not read the /etc/shadow file (checked those permissions and it seems like only root can read it).  Also, it can't seem to find a '/var/run/utmpx' file, which I have no clue what this is.  Anyway, appreciate all the help!

strace output:

Process 17933 attached - interrupt to quit
waitpid(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], 0) = 17934
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, 0xbfffee7c, WNOHANG)        = -1 ECHILD (No child processes)
sigreturn()                             = ? (mask now [RTMIN])
rt_sigaction(SIGINT, {SIG_DFL}, {0x8074fd0, [], SA_RESTORER, 0x400583a8}, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL}, {SIG_IGN}, 8) = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {0x8075eb0, [], SA_RESTORER, 0x400583a8}, 8) = 0
execve("/bin/su", ["/bin/su"], [/* 47 vars */]) = 0
uname({sys="Linux", node="rosh-linux", ...}) = 0
brk(0)                                  = 0x8054000
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=86975, ...}) = 0
mmap2(NULL, 86975, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3)                                = 0
open("/lib/libcrypt.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\t\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=19208, ...}) = 0
mmap2(NULL, 181372, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4002c000
mmap2(0x40031000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x4) = 0x40031000
mmap2(0x40032000, 156796, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40032000
close(3)                                = 0
open("/usr/lib/libcrack.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\33\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=27800, ...}) = 0
mmap2(NULL, 40096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40059000
mmap2(0x4005f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6) = 0x4005f000
mmap2(0x40060000, 11424, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40060000
close(3)                                = 0
open("/lib/libpam.so.0", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\25"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=30776, ...}) = 0
mmap2(NULL, 32496, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40063000
mmap2(0x4006a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6) = 0x4006a000
close(3)                                = 0
open("/lib/libpam_misc.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\16\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9352, ...}) = 0
mmap2(NULL, 11976, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006b000
mmap2(0x4006d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0x4006d000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ]\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1302236, ...}) = 0
mmap2(NULL, 1240420, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4006e000
mmap2(0x40197000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x128) = 0x40197000
mmap2(0x4019b000, 7524, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4019b000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\34\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=10404, ...}) = 0
mmap2(NULL, 12264, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4019d000
mmap2(0x4019f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0x4019f000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401a0000
munmap(0x40016000, 86975)               = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "BP\2\321uW\252\0279\371\347\330\223\373\236\256\0078\270"..., 32) = 32
close(3)                                = 0
brk(0)                                  = 0x8054000
brk(0x8075000)                          = 0x8075000
brk(0)                                  = 0x8075000
getuid32()                              = 1000
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/3", 4095) = 10
readlink("/proc/self/fd/0", "/dev/pts/3", 511) = 10
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY)         = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_SET)            = 0
alarm(0)                                = 0
rt_sigaction(SIGALRM, {0x4016fbd0, [], SA_RESTORER, 0x400973a8}, {SIG_DFL}, 8) = 0
alarm(1)                                = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\202\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0\271\30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\274\34\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\370\33\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\371\33\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\372\33\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\373\33\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\374\33\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\274\34\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\3\36\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "", 384)                        = 0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0)                                = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3)                                = 0
getuid32()                              = 1000
socket(PF_UNIX, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=498, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 498
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=86975, ...}) = 0
mmap2(NULL, 86975, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3)                                = 0
open("/lib/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\21"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=27784, ...}) = 0
mmap2(NULL, 30216, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401a1000
mmap2(0x401a8000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6) = 0x401a8000
close(3)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340;\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=76684, ...}) = 0
mmap2(NULL, 85120, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401a9000
mmap2(0x401bb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x11) = 0x401bb000
mmap2(0x401bc000, 7296, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401bc000
close(3)                                = 0
munmap(0x40016000, 86975)               = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=86975, ...}) = 0
mmap2(NULL, 86975, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3)                                = 0
open("/lib/libnss_nis.so.2", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\33"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=33680, ...}) = 0
mmap2(NULL, 35596, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401be000
mmap2(0x401c6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x7) = 0x401c6000
close(3)                                = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\35\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=35640, ...}) = 0
mmap2(NULL, 33716, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x401c7000
mmap2(0x401cf000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x8) = 0x401cf000
close(3)                                = 0
munmap(0x40016000, 86975)               = 0
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1769, ...}) = 0
mmap2(NULL, 1769, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 1769, [1769], SEEK_SET)      = 0
munmap(0x40016000, 1769)                = 0
close(3)                                = 0
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/su", O_RDONLY)         = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1247, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#%PAM-1.0\n\nauth       sufficient"..., 4096) = 1247
open("/lib/security/pam_rootok.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\7\0\000"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=4340, ...}) = 0
mmap2(NULL, 7012, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40017000
mmap2(0x40018000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40018000
close(4)                                = 0
open("/lib/security/pam_wheel.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\r\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=11688, ...}) = 0
mmap2(NULL, 14180, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40019000
mmap2(0x4001c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x2) = 0x4001c000
close(4)                                = 0
open("/lib/security/pam_stack.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\v\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=11600, ...}) = 0
mmap2(NULL, 14272, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001d000
mmap2(0x40020000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x2) = 0x40020000
close(4)                                = 0
open("/lib/security/pam_xauth.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\22"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=15712, ...}) = 0
mmap2(NULL, 18172, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40021000
mmap2(0x40025000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x3) = 0x40025000
close(4)                                = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/etc/pam.d/other", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=198, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#%PAM-1.0\n\nauth       required\t/"..., 4096) = 198
open("/lib/security/pam_deny.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\6\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=3760, ...}) = 0
mmap2(NULL, 6480, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40026000
mmap2(0x40027000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40027000
close(4)                                = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1769, ...}) = 0
mmap2(NULL, 1769, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 1769, [1769], SEEK_SET)      = 0
munmap(0x40016000, 1769)                = 0
close(3)                                = 0
time(NULL)                              = 1085610615
getuid32()                              = 1000
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1769, ...}) = 0
mmap2(NULL, 1769, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 1769, [1769], SEEK_SET)      = 0
munmap(0x40016000, 1769)                = 0
close(3)                                = 0
getuid32()                              = 1000
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1769, ...}) = 0
mmap2(NULL, 1769, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 1769, [1769], SEEK_SET)      = 0
munmap(0x40016000, 1769)                = 0
close(3)                                = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/group", O_RDONLY)            = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=692, ...}) = 0
mmap2(NULL, 692, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 692, [692], SEEK_SET)        = 0
munmap(0x40016000, 692)                 = 0
close(3)                                = 0
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/system-auth", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=491, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#%PAM-1.0\n\nauth       required\t/"..., 4096) = 491
open("/lib/security/pam_env.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\v\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=11484, ...}) = 0
mmap2(NULL, 14156, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40028000
mmap2(0x4002b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x2) = 0x4002b000
close(4)                                = 0
open("/lib/security/pam_unix.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20%\0\000"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=46216, ...}) = 0
mmap2(NULL, 97272, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x401d0000
mmap2(0x401db000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0xa) = 0x401db000
mmap2(0x401dc000, 48120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401dc000
close(4)                                = 0
open("/lib/security/pam_cracklib.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220!\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=37284, ...}) = 0
mmap2(NULL, 69472, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x401e8000
mmap2(0x401f1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x8) = 0x401f1000
mmap2(0x401f2000, 28512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401f2000
close(4)                                = 0
open("/lib/security/pam_limits.so", O_RDONLY) = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\22\0"..., 512) = 512
fstat64(4, {st_mode=S_IFREG|0755, st_size=17656, ...}) = 0
mmap2(NULL, 20016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x401f9000
mmap2(0x401fd000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x3) = 0x401fd000
close(4)                                = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
open("/etc/pam.d/other", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=198, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "#%PAM-1.0\n\nauth       required\t/"..., 4096) = 198
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
getuid32()                              = 1000
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1769, ...}) = 0
mmap2(NULL, 1769, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 1769, [1769], SEEK_SET)      = 0
munmap(0x40016000, 1769)                = 0
close(3)                                = 0
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT TSTP], [RTMIN], 8) = 0
time([1085610615])                      = 1085610615
write(2, "Password: ", 10)              = 10
ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon -echo ...}) = 0
read(0, "Bath1182\n", 511)              = 9
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
write(2, "\n", 1)                       = 1
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1769, ...}) = 0
mmap2(NULL, 1769, PROT_READ, MAP_SHARED, 3, 0) = 0x40016000
_llseek(3, 1769, [1769], SEEK_SET)      = 0
munmap(0x40016000, 1769)                = 0
close(3)                                = 0
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
open("/etc/shadow", O_RDONLY)           = -1 EACCES (Permission denied)
geteuid32()                             = 1000
pipe([3, 4])                            = 0
rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0
fork()                                  = 17949
write(4, "nullok\0\0", 8)               = 8
write(4, "Bath1182\0", 9)               = 9
close(3)                                = 0
close(4)                                = 0
waitpid(17949, [WIFEXITED(s) && WEXITSTATUS(s) == 1], 0) = 17949
--- SIGCHLD (Child exited) @ 0 (0) ---
getuid32()                              = 1000
geteuid32()                             = 1000
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/3", 4095) = 10
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY)         = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_SET)            = 0
alarm(0)                                = 0
rt_sigaction(SIGALRM, {0x4016fbd0, [], SA_RESTORER, 0x400973a8}, {SIG_DFL}, 8) = 0
alarm(1)                                = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\202\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0\271\30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\274\34\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\370\33\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\371\33\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\372\33\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\373\33\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\374\33\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\274\34\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\3\36\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "", 384)                        = 0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0)                                = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3)                                = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0", "/dev/pts/3", 4095) = 10
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY)         = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
_llseek(3, 0, [0], SEEK_SET)            = 0
alarm(0)                                = 0
rt_sigaction(SIGALRM, {0x4016fbd0, [], SA_RESTORER, 0x400973a8}, {SIG_DFL}, 8) = 0
alarm(1)                                = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\202\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\10\0\0\0\271\30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\274\34\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\370\33\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\371\33\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\372\33\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\373\33\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\374\33\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\6\0\0\0\274\34\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "\7\0\0\0\3\36\0\0:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(3, "", 384)                        = 0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0)                                = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3)                                = 0
time([1085610621])                      = 1085610621
open("/etc/localtime", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1279, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0"..., 4096) = 1279
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
getpid()                                = 17933
rt_sigaction(SIGPIPE, {0x4013fac0, [], SA_RESTORER, 0x400973a8}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0)          = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(3)                                = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(3, "<37>May 26 17:30:21 su(pam_unix)"..., 134, 0) = 134
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
close(3)                                = 0
select(0, NULL, NULL, NULL, {2, 347378}) = 0 (Timeout)
time([1085610623])                      = 1085610623
getpid()                                = 17933
rt_sigaction(SIGPIPE, {0x4013fac0, [], SA_RESTORER, 0x400973a8}, {SIG_DFL}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0)          = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(3)                                = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(3, "<35>May 26 17:30:23 su[17933]: p"..., 72, 0) = 72
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
write(2, "su: Authentication failure\n", 27) = 27
munmap(0x40028000, 14156)               = 0
munmap(0x401d0000, 97272)               = 0
munmap(0x401e8000, 69472)               = 0
munmap(0x401f9000, 20016)               = 0
munmap(0x40017000, 7012)                = 0
munmap(0x40019000, 14180)               = 0
munmap(0x4001d000, 14272)               = 0
munmap(0x40021000, 18172)               = 0
munmap(0x40026000, 6480)                = 0
open("/etc/login.defs", O_RDONLY)       = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=3229, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(4, "#\n# /etc/login.defs - Configurat"..., 4096) = 3229
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0x40016000, 4096)                = 0
close(3)                                = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
write(1, "Sorry.\n", 7)                 = 7
munmap(0x40016000, 4096)                = 0
exit_group(1)                           = ?
Process 17933 detached