I need some help on how to set up and use the "su" command within Yocto Jethro.
I have added two users into Yocto, one is 'root' while the other is 'normal'. They each have their own password and I can ssh into either user from a different machine.
But when I issue the command "su" and want to switch from user 'normal' to 'root', even with the correct 'root' password, I am still getting "su: Authentication failure" and am not able to switch to root.
If you can help me with this, it would be much appreciated.
Many thanks
Damien
Hi Damien
try to check whether you have SUID set with this command:
$ ls -l /bin/su.shadow
Your output should look like this:
-rwsr-xr-x 1 root root 43904 Jan 14 16:51 /bin/su.shadow
If you don't have the "s" bit set, run this command and it should start working:
chmod +s /bin/su.shadow
Thanks Radim for your message.
I tried the commands below without luck. As you can see, the su.shadow file
had the SUID bit set, but I just cannot su from a normal user (i.e.
'factory') to root. Funny enough, I can su from root to a normal user.
#
#ssh as root, I can su to normal user 'factory'
root@chroot ~# ls -l /bin/su
lrwxrwxrwx 1 root root 14 Aug 24 11:29 /bin/su -> /bin/su.shadow
root@chroot ~# ls -l /bin/su.shadow
-rwxr-xr-x 1 root root 43908 Aug 24 11:29 /bin/su.shadow
root@chroot ~# chmod +s /bin/su.shadow
root@chroot ~# ls -l /bin/su.shadow
-rwsr-sr-x 1 root root 43908 Aug 24 11:29 /bin/su.shadow
root@chroot ~# su factory
factory@chroot
#
#ssh as normal user 'factory', I can not su to 'root'
damien@DH-ubt14:~$ ssh factory@10.211.190.192
factory@10.211.190.192's password:
localhost:~$ ls -l /bin/su.shadow
-rwsr-sr-x 1 root root 43908 Aug 17 04:06 /bin/su.shadow
localhost:~$ su root
Password:
su: Authentication failure
localhost:~$ su root
Password:
su: Authentication failure
localhost:~$
Hi Damien,
in the file "/etc/login.defs" uncomment the line:
#SULOG_FILE /var/log/sulog
Now try to use su from the factory user and send me both files ("/etc/login.defs" and "/var/log/sulog"). And if you can, also send me the file "/etc/passwd".
Radim.
Hi Radim,
Please see the attachment for the two files, and below for the list of actions I took.
damien@DH-ubt14:~$ ssh factory@10.211.190.192
factory@10.211.190.192's password:
localhost:~$ su root
Password:
su: Authentication failure
localhost:~$ cat sulog
SU 08/26 00:20 - /dev/pts/1 factory-root
localhost:~$
Thanks
Hi Damien,
This is really weird, everything looks fine. I also tested this many times in Jethro and every time it worked. Please send me the files /etc/passwd and /etc/shadow. Did you make any changes in the system? Did you try to change the root password, or delete the user and add him again?
Radim.
Thanks Radim for taking the time on this.
Please see the attachment for /etc/passwd & /etc/shadow. I first changed
the root user's password from no password to 'abc' and then added a new
user "factory" with password 'cba', and then started the su command.
The list of actions I took is given below:
//1) ssh into the system with root
dropbear ssh server started
********************************
Hi root,
You are in chroot jail now ...
eth0 with IP=10.211.190.192
root@chroot ~# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@chroot ~# adduser factory
adduser: user 'factory' in use
root@chroot ~# deluser factory
root@chroot ~# adduser factory
Changing password for factory
New password:
Retype password:
Password for factory changed by root
root@chroot ~# chmod +s /bin/su.shadow
root@chroot ~#
//2) ssh as factory
damien@DH-ubt14:~$ ssh factory@10.211.190.192
factory@10.211.190.192's password:
localhost:~$ su
Password:
setgid: Operation not permitted // Why is it a different error? Last time it was "su: Authentication failure"
localhost:~$
Would the problem be with chroot? The Yocto environment that I ssh into
is actually a chroot environment within an Android system. Could the su
command actually try to switch to Android's root user rather than the
chrooted Yocto root user? There is definitely something weird, because
when I ssh into it, I use the password of the Yocto root, not the Android root.
Cheers,
Hi Damien,
there are still some problems with permissions. How do you mount the filesystem for Yocto? If you have it on a different partition you can try to remount it with:
mount -o remount,suid /path_to_the_chroot_folder
It has to be mounted with suid or defaults; if it is not, the kernel ignores the SUID bit. If that does not help, please look at what permissions (with the command ls -l) are set for /etc/passwd and /etc/shadow and send them to me. Also send me what is in the PATH variable.
Radim.
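The check described in the reply above, as an added example that is not part of the original thread: it finds the mount that holds a setuid binary and reports whether that mount carries `nosuid`, which makes the kernel ignore the bit. The function names, the sample mount table and the /data/yocto chroot path are assumptions made for illustration; pass the binary's path as seen from the system whose mount table you are reading.

```shell
#!/bin/sh
# SAMPLE_MOUNTS is constructed data in /proc/mounts format; the device names
# and mount points are made up and do not come from the thread.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/block/mmcblk0p9 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/mmcblk0p5 /system ext4 ro,relatime 0 0'

# mount_opts PATH [MOUNTS_TEXT]
# Print the options of the mount whose mount point is the longest prefix of PATH.
# Without MOUNTS_TEXT the live /proc/mounts is read.
mount_opts() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # Match the root, the path itself, or a parent directory of it.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # >= so a later mount stacked on the same point wins.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# has_nosuid OPTS: succeed if the comma-separated option list contains nosuid.
has_nosuid() {
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# suid_effective FILE [MOUNTS_TEXT]
# Return 0 if FILE has the setuid bit and its mount honours it,
# 1 if the bit is missing, 2 if the bit is set but the mount is nosuid.
suid_effective() {
    [ -u "$1" ] || { echo "$1: setuid bit not set"; return 1; }
    opts=$(mount_opts "$1" "$2")
    if has_nosuid "$opts"; then
        echo "$1: setuid bit set, but the mount is nosuid ($opts)"
        return 2
    fi
    echo "$1: setuid bit set and honoured by the mount"
}
```

A return code of 2 matches the situation in this thread: `ls -l` shows the `s` bit, yet `su` still runs without root privileges until the filesystem is remounted with `suid`.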
Hi Radim
You are right, the problem is that the partition doesn't have the SUID bit set, so the system ignores the SUID bit set on the 'su' command.
Thanks for taking so much time to look into this issue for me, without your help I would never have achieved this!
Many thanks, now it all works.
Cheers,
Damien