|
I adjusted all file permissions that were 6000+ with chmod -s to secure my system. I've now made it so secure I can only log in as root by physically accessing the machine. When I perform su with my personal account I get an incorrect password error. I assume that whatever checks the password needs to run as root and is denied access it requires. Generally I would like more clarity on what happens when an su command is issued. I welcome your insights, thanks! |
|
su will read the password file /etc/passwd. If the real id of the user calling su is 0 (usually root), it will not ask for a password. Otherwise, it asks for the password of the target user and checks it against the password stored in /etc/shadow. Then it gets shell details from /etc/passwd. So su needs access to /etc/passwd and /etc/shadow. su is one of the Gnu utilities that are found in the coreutils package. If you want to investigate it further, go to gnu.org and download the latest coreutils package and then look at the code in su.c. You don't have to read all the code, just the descriptive comments at the front. The Gnu utilities are usually very nicely documented internally. |
|
It's generally not a good idea to go around changing permissions on system files unless you really know what you're doing. If you're looking for a good way to lock down your system checkout the guide from the NSA. http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml Perhaps not, but it is a great way to learn, especially an insignificant machine or vm :) Thanks for the link!
(19 May '10, 15:45)
mdur
|
|
Most likely the mechanism for authentication being used is actually pam. Specifically, /etc/pam.d/su and /etc/pam.d/su-l |
