Date: Wed, 5 Mar 1997 09:19:06 -0800 From: RGireyev@BellInd.com To: <ben@narcissus.ml.org> Cc: <questions@freebsd.org> Subject: RE: Post installation stuff Message-ID: <c=US%a=_%p=BellInd%l=CDCEXCHANGE-970305171906Z-380@cdcexchange.bellind.com>
next in thread | raw e-mail | index | archive | help
>
>> >> [..]
>>
>> Doohhh!
>>
>> Sorry completely forgot to tell you. After getting your mail I went home
>> and did the following:
>> 1. Logged in as root.
>> 2. which su (gave me the path something like /sbin/su or whatever)
>> 3. the permissions looked as follows -r-sr-xr-x
>> 4. I type chmod 455 /sbin/su
>
>Not 455, 4555. BIG difference.
>
>> 5. did ll, it then looked like: -r--r-xr-x
>> Still no go, not for a user in group wheel or group bin.
>>
>> I guess I should note here that it looks like the program executes,
>> alright, and some snippet of code within it determines that I do not
>> have the security to perform su. So it kindly spits a message to me
>> telling me that "You do not have permission to perform su ...."
>> Thanks again
OK I went home last night and looked at the source code for su
(su.c from FreeBSD-stable). Let me ask you a couple of questions
about the code below. Also, this is getting close to beeing a hackers
mailing list issue, I think, so let me know if I need to repost this
there.
195: {
196: /* only allow those in group zero to su to root. */
197: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
198: for (g = gr->gr_mem;; ++g) {
199: if (!*g)
200: errx(1,
201: "you are not in the correct group to su %s.",
202: user);
203: if (strcmp(username, *g) == 0) {
#ifdef WHEELSU
iswheelsu = 1;
#endif /* WHEELSU */
204: break;
205: }
206: }
207: }
Now, line 198 loads pointer g to the root group members, then line 203
compares username with the root group members. Line 203 seems to
make no sense. I guess I need someone who knows how su's algorithm
is supposed to work, let me know what was intended here. Thanks.
>Send me your /etc/group file, please, and the output of "ls -l `which
>su`". Note that those are backquotes around the "which su", not
>regular
>single quotes.
OK.
Unfortunately my PC is at home so the earliest I can do this is
tomorrow.
>> Rudy
>> >
>> > Ben
>> >
>> >"You have your mind on computers, it seems."
>> >
>> >
>>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c=US%a=_%p=BellInd%l=CDCEXCHANGE-970305171906Z-380>