[mdlug] su Password problem
Michael S. Mikowski
z_mikowski at yahoo.com
Sat Jun 6 05:41:43 EDT 2009
Its a remote but real possibility that someone installed (or tricked you to
install) a root kit on your box. If you think this might be the case, you may
extract /bin/su from the package (or get it from a trusted source on the
internet) and compare it to your installed version.
On kubuntu:
# apt-file search /bin/su |grep '/bin/su$'
login: /bin/su
I don't recommend this for fear of messing with the login system, but you
could set aside su, reinstall the source package, and then compare the files.
# cd /bin; cp su su.20090606
# apt-get reinstall login
A good way to see if the file has changed is to use an md5sum:
# md5sum /bin/su.20090606 /bin/su
Hopefully this is helpful. I apologize if it is too remedial.
Cheers, Mike
On Thursday 04 June 2009 03:14:41 pm Drew wrote:
> At 03:38 PM 6/4/09, Aaron Kulkis wrote:
> >My guess is that su returned "wrong password" because it
> >was the wrong password, as compared to the hash of the
> >root password stored in /etc/shadow, which, by definition,
> >represents the right password.
> >
> >Now, if you can log into root using this password, then
> >su is screwed up. But my guess is that you can't login
> >to root using the password you tried, either.
>
> In this case you guess wrong. I can in fact simply log in as root, using
> the same password that su is rejecting. I just did so again to be sure.
> Also as I've mentioned Yast and Administrator Mode in Personal Preferences
> both accept the same password.
>
> Which means su is screwed up.
>
> Question is, what could have screwed/be screwing it up?
>
> >Get a rescue disk, mount the root partition, edit
> >/mnt/etc/shadow, remove the password hash (replace
> >
> >:34398b9839ghbavhabihbrwhatever: with ::), save the
> >
> >file, boot off the main system, login to root (the
> >password should be simply the return key), and then
> >IMMEDIATELY run the command passwd
>
> I might try this eventually. But I still want to know why su is being
> different.
>
> ----
>
> - Drew.
>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
More information about the mdlug
mailing list