Solved Stranger su error message.

Good afternoon,
I can no longer use "su" recently because it's giving me this error message:

Code:
su: Not setuid and you are not root, expect this to fail
root's password:

When I enter the root password it fails:
Code:
Sorry!

Does anyone have any clues?
 
Hi,

the error states that su has "lost" setuid permission. What's the output of:

Code:
ls -l /usr/bin/su

Have you issued any command (chmod in particular) that could affect it?

Is the partition/disk where /usr/bin is located mounted with the nosuid and/or noexec option?

Do you have access to root account to correct permissions? (chmod 04555 /usr/bin/su)
 
Hi,

the error states that su has "lost" setuid permission. What's the output of:

Code:
ls -l /usr/bin/su

Have you issued any command (chmod in particular) that could affect it?

Is the partition/disk where /usr/bin is located mounted with the nosuid option?

Do you have access to root account to correct permissions? (chmod +s /usr/bin/su)

Hi,

the output of your command says:

Code:
14520 /usr/bin/su

I can't remember if I made any chmod command affecting su.
I have doas installed and I can access the root account but I get this error when I try to correct it:

Code:
root@freebsd:/home/jamie # chmod +s /usr/bin/su
chmod: /usr/bin/su: Operation not permitted
 
chmod: /usr/bin/su: Operation not permitted
That's right, sorry, it has the immutable chflag so it needs to be cleared first:
Code:
chflags noschg /usr/bin/su
chmod 04555 /usr/bin/su
chflags schg /usr/bin/su
 
We need to see the exact metadata state of the su command. This is what we expect:
Code:
[strand.246] $ ls -laod /usr/bin/su
-r-sr-xr-x  1 root  wheel  schg,uarch 17232 Apr  9  2021 /usr/bin/su
 
hi
here's the output:
Code:
-r-sr-xr-x  1 root  wheel  schg,uarch 17232 Apr  9  2021 /usr/bin/su
 
That's right, sorry, it has the immutable chflag so it needs to be cleared first:
Code:
chflags noschg /usr/bin/su
chmod 04555 /usr/bin/su
chflags schg /usr/bin/su

I tried this but still get the error
Code:
root@freebsd:/home/jamie # chmod +s /usr/bin/su
chmod: /usr/bin/su: Operation not permitted
 
The file /usr/bin/su has the "schg" flag set. That makes it immutable. So chmod will fail, which is why julp advised you to clear the "schg" flag, set the mode correctly, and reapply the "schg" flag.

So, forget about the chmod. julp addressed it completely.

What happens now if you type /usr/bin/su?
 
It looks like your shell might be using an inappropriate alias for "su". Depending on your shell, some of these may identify the alias:
Code:
which su
whence su
alias
alias -x
Also, what happens when you do this:
Code:
/usr/bin/env - PATH="/bin:/usr/bin" /bin/sh
su
 
Thanks.

I use zsh and I get the error, but I also checked the other shells I have (bash, sh, tcsh) and I get the same error across all shells.
The output of your commands with zsh shows:

Code:
~$ which su
su: aliased to nocorrect su
Code:
~$ whence su
nocorrect su
alias (results cropped)
Code:
su='nocorrect su'
sudo='nocorrect sudo'
alias -x doesn't work:
Code:
~$ alias -x
alias: bad option: -x

But with sh it shows:
Code:
$ which su
/usr/local/bin/su
The other 3 commands don't work with sh, tcsh and bash.

Why is there an "su" executable under /usr/local/bin? Would that mean it was installed by some package? Is it possible that this version is hijacking the base "su"? Is it possible that I was hacked? :-/
 
You have two versions of the su command.

The one in /usr/local/bin comes first in your path.

However the original is in /usr/bin.

The cause of the problem is now identified.

How the "extra" su command got installed might be worth identifying.

First, take a close look at both:
Code:
ls -laod /usr/bin/su /usr/local/bin/su
sum /usr/bin/su /usr/local/bin/su
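
The comparison suggested above can be scripted. This is an added example, not part of the original thread: it lists every copy of a command in PATH lookup order and flags the case where the copy that wins the lookup is not setuid while a later copy is. The function names find_copies and shadowed_setuid are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# find_copies CMD [PATHSTRING]
# Prints one line per executable copy, in lookup order:
#   "<order> <setuid|plain> <path>"
find_copies() {
    cmd=$1
    search=${2:-$PATH}
    n=0
    old_ifs=$IFS
    IFS=:
    set -f                            # no globbing while splitting PATH
    for dir in $search; do
        [ -n "$dir" ] || dir=.        # empty PATH entry means current dir
        f=$dir/$cmd
        if [ -f "$f" ] && [ -x "$f" ]; then
            n=$((n + 1))
            if [ -u "$f" ]; then kind=setuid; else kind=plain; fi
            printf '%s %s %s\n' "$n" "$kind" "$f"
        fi
    done
    set +f
    IFS=$old_ifs
}

# shadowed_setuid CMD [PATHSTRING]
# Returns 1 (and warns on stderr) when the first copy found is not setuid
# but a later one is, i.e. a setuid base binary is hidden by another copy.
shadowed_setuid() {
    copies=$(find_copies "$1" "${2:-$PATH}")
    first=$(printf '%s\n' "$copies" | sed -n '1p')
    case $first in
        "1 plain "*)
            if printf '%s\n' "$copies" | grep -q '^[0-9]* setuid '; then
                printf 'WARNING: %s hides a setuid copy:\n%s\n' \
                    "${first#1 plain }" "$copies" >&2
                return 1
            fi ;;
    esac
    return 0
}

# Stand-alone use: sh pathcheck.sh su
if [ "$#" -gt 0 ]; then
    find_copies "$1"
    shadowed_setuid "$1" || true
fi
```
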
 
This is what I was thinking but I am paranoid so I didn't post it.

lol
I have a pretty hardened system so I don't think that would be as likely. But I found out the issue.
I use poudriere to create my own repo and I build with "libressl" as a make option. Unfortunately, I couldn't install git without changing one of the options for a dependency file (p5-GSSAPI). Using the option "GSSAPI_BASE" didn't build with libressl so I picked the next one down which is "GSSAPI_HEIMDAL" which installs security/heimdal. Using the plugin for pkg called ports-mgmt/pkg-provides I was able to find out that it was security/heimdal that installed /usr/local/bin/su. Removing heimdal removed git and its dependencies but su now works as normal. So I will find another solution to this.

Anyway, thank you all for your help. :D
Learned a lot!
 
I was just about to suggest security/heimdal as the only plausible candidate:
Code:
[strand.296] $ cd /usr/ports
[strand.297] $ find . -name pkg-plist |xargs grep "/su$"
./shells/yash/pkg-plist:%%DATADIR%%/completion/su
./security/logcheck/pkg-plist:%%ETCDIR%%/ignore.d.server/su
./security/logcheck/pkg-plist:%%ETCDIR%%/violations.d/su
./security/heimdal/pkg-plist:bin/su
./sysutils/heirloom/pkg-plist:@(,,4755) %%DATADIR%%/usr/5bin/su
./sysutils/heirloom/pkg-plist:%%DATADIR%%/etc/default/su
 
Thanks for this. I can use this to troubleshoot in the future.
 