After installing a new OpenBSD image on my Soekris net4801, I needed to become root to perform some post-installation configuration. When I ran the su command, it exited without switching me to the root user:
$ su
Password:
Sorry
This baffled me for a minute, since my user and group identifiers looked fine, and I was in the wheel group (OpenBSD allows you to use the group wheel to control which users can become uid 0):
$ id
uid=1000(matty) gid=1000(matty) groups=1000(matty), 0(wheel)
To see what was going on, I ran ktrace to view the call path for the su executable:
$ ktrace su
Password:
Sorry
After reviewing the complete dump, I noticed that the su executable couldn’t open the secure passwd database:
$ kdump | egrep '(NAM|open)'
< ..... >
28302 su NAMI "/etc/spwd.db"
28302 su RET open -1 errno 13 Permission denied
< ..... >
It then dawned on me that I shouldn’t be able to ktrace a setuid executable as an unprivileged user, so I decided to check the permissions of the su utility to see why the kdump worked:
$ ls -la /usr/bin/su
-r-xr-xr-x 1 root wheel 14948 Mar 2 2006 /usr/bin/su
Well I’ll be. When I extracted the files tonight to create my archive, I either extracted them as an unprivileged user (which is why the setuid / setgid bits weren’t preserved), or I forgot to use tar’s “-p” option to preserve the file modes (I no longer have the history file, so I can’t see where I made my mistake). I think the tryptophan from the turkey is setting in. :)
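A check that would catch this before the image is booted, as an added example that is not from the original post: it compares files under an extracted image root against a manifest of expected modes and reports any that lost their setuid or setgid bit. The manifest format, the function names and the sample tree (including the passwd entry) are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_special_bits ROOT MANIFEST
# MANIFEST lines (assumed format): "<4-digit octal mode> <path relative to ROOT>"
# Prints one line per problem; returns 1 if any problem was found.
check_special_bits() {
    root=$1 manifest=$2 rc=0
    while read -r mode path; do
        case $mode in ''|'#'*) continue ;; esac      # skip blanks and comments
        f="$root/$path"
        if [ ! -e "$f" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        # The leading octal digit carries setuid (4) and setgid (2).
        case $mode in
            ????) special=${mode%???} ;;
            *)    special=0 ;;
        esac
        case $special in
            4|5|6|7) [ -u "$f" ] || { echo "NO_SETUID $path (expected $mode)"; rc=1; } ;;
        esac
        case $special in
            2|3|6|7) [ -g "$f" ] || { echo "NO_SETGID $path (expected $mode)"; rc=1; } ;;
        esac
    done < "$manifest"
    return $rc
}

# Builds a constructed sample tree that reproduces the state in the post:
# su extracted as 0555 (setuid bit lost) next to a file that kept 4555.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/usr/bin"
    : > "$d/root/usr/bin/su";     chmod 0555 "$d/root/usr/bin/su"
    : > "$d/root/usr/bin/passwd"; chmod 4555 "$d/root/usr/bin/passwd"
    printf '%s\n' '# mode path' '4555 usr/bin/su' '4555 usr/bin/passwd' \
        > "$d/manifest"
    echo "$d"
}
```

To try it, run `d=$(make_sample_root)` followed by `check_special_bits "$d/root" "$d/manifest"`; against a real image, generate the manifest from a known-good install.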