Am Freitag, 1. Mai 2020, 22:32:58 CEST schrieb Rainer Dorsch: > Hello, > > I had an accidential / in a > > # chown -R install-user /xyz/dfak / > > command. Changing the ownership / recursively is certainly not a good idea. > > I did revert this by > > #chown -R root /etc /bin /usr ... > > (all directories why were owned by install-user). > > That was certainly overdone, so I used > > find . \! -user root -print > > on another system with a similar package list to get a list of files which > are not owned by root. > > What still does not work is "su -". > > The log in /var/log/auth.log is given by > > May 1 22:07:46 h370 unix_chkpwd[12768]: check pass; user unknown > May 1 22:07:46 h370 unix_chkpwd[12768]: password check failed for user > (root) May 1 22:07:46 h370 su: pam_unix(su-l:auth): authentication > failure; logname=rd uid=2809 euid=2809 tty=pts/0 ruser=rd rhost= user=root > May 1 22:07:48 h370 su: FAILED SU (to root) rd on pts/0 > > root login on a console works. > > Any suggestion to find out what goes wrong (and avoid reinstallation) is > welcome :-)
https://www.linuxquestions.org/questions/linux-security-4/unix-chkpwd-problem-with-linux-pam-1-1-1-trying-to-run-su-from-shadow-4-1-4-2-a-826418/ had the answer: su has an s flag for the user. It seems this got lost by a chown. # find / -perm /4000 -user root seems to be my friend now to identify other files which have a similar issue :-/ Rainer -- Rainer Dorsch Beatus-Widmann-Str. 5 72138 Kirchentellinsfurt 07157/734133