how to set up 'su' command for Yocto

damienhuang
Contributor IV

I need some help on how to set up and use the "su" command within Yocto Jethro.

I have added two users into Yocto, one is 'root' while the other is 'normal'. They each have their own password and I can ssh into either user from a different machine.

But when I issue the command "su" and want to switch from user 'normal' to 'root', even with the correct 'root' password, I still get "su: Authentication failure" and am not able to switch to root.

If you can help me with this, it would be much appreciated.

Many thanks

Damien

0 Kudos
8 Replies
radimkratochvil
NXP Employee

Hi Damien,

Try checking whether SUID is set with this command:

$ ls -l /bin/su.shadow

Your output should look like this:

-rwsr-xr-x 1 root root 43904 Jan 14 16:51 /bin/su.shadow

If you don't have the "s" bit set, run this command and it should start working:

chmod +s /bin/su.shadow

0 Kudos
damienhuang
Contributor IV

Thanks Radim for your message.

I tried the commands below without luck. As you can see, the su.shadow file had the SUID bit set, but I just cannot su from a normal user (i.e. 'factory') to root. Funny enough, I can su from root to a normal user.

#
#ssh as root, I can su to normal user 'factory'
root@chroot ~# ls -l /bin/su
lrwxrwxrwx 1 root root 14 Aug 24 11:29 /bin/su -> /bin/su.shadow
root@chroot ~# ls -l /bin/su.shadow
-rwxr-xr-x 1 root root 43908 Aug 24 11:29 /bin/su.shadow
root@chroot ~# chmod +s /bin/su.shadow
root@chroot ~# ls -l /bin/su.shadow
-rwsr-sr-x 1 root root 43908 Aug 24 11:29 /bin/su.shadow
root@chroot ~# su factory
factory@chroot

#
#ssh as normal user 'factory', I can not su to 'root'
damien@DH-ubt14:~$ ssh factory@10.211.190.192
factory@10.211.190.192's password:
localhost:~$ ls -l /bin/su.shadow
-rwsr-sr-x 1 root root 43908 Aug 17 04:06 /bin/su.shadow
localhost:~$ su root
Password:
su: Authentication failure
localhost:~$ su root
Password:
su: Authentication failure
localhost:~$

0 Kudos
radimkratochvil
NXP Employee

Hi Damien,

In the file "/etc/login.defs", uncomment the line:

#SULOG_FILE     /var/log/sulog

Now try to use su from the factory user and send me both files ("/etc/login.defs" and "/var/log/sulog"). And if you can, also send me the file "/etc/passwd".

Radim.

0 Kudos
damienhuang
Contributor IV

Hi Radim,

Please see the attachment for the two files, and below for the list of actions I took.

damien@DH-ubt14:~$ ssh factory@10.211.190.192
factory@10.211.190.192's password:
localhost:~$ su root
Password:
su: Authentication failure
localhost:~$ cat sulog
SU 08/26 00:20 - /dev/pts/1 factory-root
localhost:~$

Thanks

0 Kudos
radimkratochvil
NXP Employee

Hi Damien,

This is really weird, everything looks fine. I also tested this many times in Jethro and every time it worked. Please send me the files /etc/passwd and /etc/shadow. Did you make any changes to the system? Did you try to change the root password, or delete the user and add him again?

Radim.

0 Kudos
damienhuang
Contributor IV

Thanks Radim for taking the time on this.

Please see the attachment for /etc/passwd & /etc/shadow. I first changed the root user's password from no password to 'abc' and then added a new user "factory" with password 'cba', and then started the su command.

The list of actions I took is given below:

//1) ssh into the system with root
dropbear ssh server started
********************************
Hi root,
You are in chroot jail now ...
eth0 with IP=10.211.190.192
root@chroot ~# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@chroot ~# adduser factory
adduser: user 'factory' in use
root@chroot ~# deluser factory
root@chroot ~# adduser factory
Changing password for factory
New password:
Retype password:
Password for factory changed by root
root@chroot ~# chmod +s /bin/su.shadow
root@chroot ~#

//2) ssh as factory
damien@DH-ubt14:~$ ssh factory@10.211.190.192
factory@10.211.190.192's password:
localhost:~$ su
Password:
setgid: Operation not permitted  //why is it a different error? last time it was "su: Authentication failure"
localhost:~$

Would the problem be with chroot? The Yocto environment that I ssh into is actually a chroot environment within an Android system. Could the su command actually be trying to switch to Android's root user rather than the chrooted Yocto root user? There is definitely something weird, because when I ssh into it, I use the password of the Yocto root, not the Android root.

Cheers,

0 Kudos
radimkratochvil
NXP Employee

Hi Damien,

There are still some problems with permissions. How do you mount the filesystem for Yocto? If you have it on a different partition, you can try to remount it with:

mount -o remount,suid /path_to_the_chroot_folder

It has to be mounted with suid or defaults; if it is not, the kernel ignores the SUID bit. If that does not help, please check what permissions (with the command ls -l) are set for /etc/passwd and /etc/shadow and send them to me. Also send me what is in the PATH variable.

Radim.

0 Kudos
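The check described in the reply above, written out as an added example that is not part of the original thread: it tests both the set-user-ID bit on the file and whether the mount covering it carries nosuid. The function names and the sample mount table are constructed for illustration; run it where the covering mount is visible, since /proc/mounts read inside a chroot may not list it.

```shell
#!/bin/sh
# Added example (not from the thread): why a setuid binary such as
# /bin/su.shadow may fail to gain root even though "ls -l" shows the s bit.

# Constructed sample in /proc/mounts format; devices and paths are made up.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/block/sda5 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/sda9 /data/fixed ext4 rw,relatime 0 0'

# mount_opts_for PATH [MOUNTS_TEXT]: print the options of the mount that
# covers PATH (longest matching mount point; later entries win ties).
# Without MOUNTS_TEXT the live /proc/mounts is used.
mount_opts_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        BEGIN { best = 0 }
        {
            mp = $2
            pre = (mp == "/") ? "/" : (mp "/")   # match whole path components
            if (p == mp || index(p, pre) == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# suid_honoured PATH [MOUNTS_TEXT]: fail if the covering mount has nosuid.
suid_honoured() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,nosuid,*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_setuid FILE [MOUNTS_TEXT]: print a one-word verdict for FILE.
check_setuid() {
    if [ ! -u "$1" ]; then echo "no-suid-bit"        # fix with chmod
    elif ! suid_honoured "$1" "$2"; then echo "nosuid-mount"  # fix with remount
    else echo "ok"
    fi
}
```

For the setup in this thread the call would be `check_setuid /path_to_the_chroot_folder/bin/su.shadow`, issued from the system that mounted the partition.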
damienhuang
Contributor IV

Hi Radim,

You are right, the problem is that the partition doesn't have the SUID bit set, so the system ignores the SUID bit set on the 'su' command.

Thanks for taking so much time to look into this issue for me, without your help I would never have achieved this!

Many thanks, now it all works.

Cheers,

Damien

0 Kudos