On Dec 1, 2006, at 6:10 PM, Dan Nicholson wrote:
On 12/1/06, Geoffrey Thomas <[EMAIL PROTECTED]> wrote:
On Dec 1, 2006, at 3:21 PM, Dan Nicholson wrote:
> On 11/29/06, Geoffrey Thomas <[EMAIL PROTECTED]> wrote:
>>
>> After boot, I get a login request and put in root and password.
>> This logs me in and bash prompt comes up.
>> I added user test13 and changed passwordl
>> The auth.log says says as noted before.
>> I then ran su test13 and got /bin/bash permission denied.
>> Auth.log says Successful su for test13 by root
>> Command users returns root only.
>
> I decided to look at the shadow source to find out the source of
this
> permission denied error. In src/login.c:
>
> /*
> * Allow authentication bypass only if real UID is zero.
> */
>
> if ((rflg || fflg || hflg) && !amroot) {
> fprintf (stderr, _("%s: Permission denied.\n"),
Prog);
> exit (1);
> }
>
> So, you are apparently going down the "authentication bypass"
route.
> Why? Somehow, rflg, fflg or hflg are being set. These correspond to
> the -r, -f or -h switches. I don't recall how login is spawned, but
> something has gone wrong there. I wish you had strace installed.
>
> Which version of shadow did you install? Which version of LFS, for
> that matter?
LFS 6.2
Shadow 4.0.15
I don't seem to be having any problem running as rootl
I'll see if I can install strace.
The interesting thing is the various log files show the correct new
users and
Password changes.
This is a strange error. strace will help nail it down considerably.
You can get strace here:
http://sourceforge.net/projects/strace/
Installation is simple: ./configure --prefix=whatever, make, make
install
Then login as root and do "strace -f -o logfile login testuser". It
will log all the system activity to logfile. There's a lot of output.
But the helpful part should be near the end. The "Permission Denied
..." should be in there.
Only other thing I've noticed is the setclock script fails on boot
up.
The system runs. Date gives the correct time and date.
Don't know if login uses system time somehow or if this is even
related.
Maybe. strace should nail that kind of issue.
--
Dan
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
End of output of strace
The write -"No mail." Does show up when login is attempted.
There seem to be alot of No such file or directory comments
-- 11632 write(1, "No mail.\n", 9) = 9
11632 rt_sigaction(SIGQUIT, {SIG_DFL}, {SIG_DFL}, 8) = 0
11632 rt_sigaction(SIGTERM, {SIG_DFL}, {SIG_DFL}, 8) = 0
11632 rt_sigaction(SIGALRM, {SIG_DFL}, {0x804a040, [ALRM],
SA_RESTART}, 8) = 0
11632 rt_sigaction(SIGHUP, {SIG_DFL}, {SIG_DFL}, 8) = 0
11632 rt_sigaction(SIGINT, {SIG_DFL}, {SIG_DFL}, 8) = 0
11632 execve("/bin/bash", ["-bash"], [/* 10 vars */]) = -1 EACCES
(Permission denied)
11632 dup(2) = 3
11632 fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
11632 fstat64(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(136,
1), ...}) = 0
11632 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|
MAP_ANONYMOUS, -1, 0) = 0x40019000
11632 _llseek(3, 0, 0xbf8cbe28, SEEK_CUR) = -1 ESPIPE (Illegal seek)
11632 open("/usr/share/locale/en_US.ISO.8859-1/LC_MESSAGES/
libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
11632 open("/usr/share/locale/en_US.iso88591/LC_MESSAGES/libc.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
11632 open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
11632 open("/usr/share/locale/en.ISO.8859-1/LC_MESSAGES/libc.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
11632 open("/usr/share/locale/en.iso88591/LC_MESSAGES/libc.mo",
O_RDONLY) = -1 ENOENT (No such file or directory)
11632 open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
11632 write(3, "Cannot execute /bin/bash: Permis"..., 44) = 44
11632 close(3) = 0
11632 munmap(0x40019000, 4096) = 0
11632 munmap(0x40018000, 4096) = 0
11632 exit_group(126) = ?
--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
