
I'm trying to get root access for a user who is initially logged in from a console. I have root access from another method. The user does not have a username, so sudo is not an option. Running `su` returns the error "su: cannot set groups: Operation not permitted". `su` seems to have the correct permissions. What could be causing this?

```
$ whoami
whoami: cannot find name for user ID 1009500000
$ stat /bin/su
  File: '/bin/su'
  Size: 32096       Blocks: 64         IO Block: 4096   regular file
Device: fd40h/64832d    Inode: 133566      Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-06-01 12:15:40.000000000 +0100
Modify: 2017-06-01 12:15:40.000000000 +0100
Change: 2017-11-16 11:00:54.706471778 +0000
 Birth: -
$ /bin/su --command=/myscript.sh
Password: 
su: cannot set groups: Operation not permitted
```
Kidburla
  • The `nosuid` mount option would prevent the `s` file mode bit on /bin/su from working, as that prevents set-user-identifier or set-group-identifier bits from taking effect. – HBruijn Nov 16 '17 at 13:04
  • @HBruijn I don't think that's the case. The root directory has mount options `(rw,relatime,context="system_u:object_r:svirt_sandbox_file_t:s0:c94,c97",stripe=128,data=ordered)`. `/bin` is a symlink to `/usr/bin` and neither `/usr` nor `/usr/bin` is in a separate mountpoint. – Kidburla Nov 16 '17 at 14:32
  • Check permissions of /usr/lib/sudo/sudoers.so. Should be 644 for correct operation and owned by root. – antrost Nov 17 '17 at 07:10
  • @antrost I'm trying to use `su` not `sudo` to gain root access here. `sudo` is actually not even installed on this box, and `/usr/lib/sudo` does not exist. – Kidburla Nov 17 '17 at 19:50
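
The comments above raise `nosuid` as one reason the setuid bit on `/bin/su` can be ignored. As an added diagnostic example (not part of the original thread), the script below checks that mount option together with two other kernel settings that also stop a setuid-root binary from changing groups: `no_new_privs` and a capability bounding set lacking `CAP_SETGID`/`CAP_SETUID`. The thread does not establish which, if any, applies here; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; sample inputs below are constructed, not from the thread.

# Succeeds if the mount holding path $2 (longest matching mount point in
# mountinfo text $1; field 5 = mount point, field 6 = options) has nosuid.
mount_has_nosuid() {
    printf '%s\n' "$1" | awk -v p="$2" '
        { mp = $5
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); opts = $6 } }
        END { if (("," opts ",") ~ /,nosuid,/) exit 0; exit 1 }'
}

# Succeeds if capability number $2 is set in the CapBnd mask of status text $1.
bounding_has_cap() {
    mask=$(printf '%s\n' "$1" | awk '$1 == "CapBnd:" { print $2 }')
    [ -n "$mask" ] && [ $(( (0x$mask >> $2) & 1 )) -eq 1 ]
}

# Prints the conditions that stop a setuid-root binary at path $3 from
# calling setgroups(2)/setuid(2). $1 = /proc/PID/status text, $2 = mountinfo text.
setuid_blockers() {
    out=""
    mount_has_nosuid "$2" "$3" && out="$out nosuid"
    nnp=$(printf '%s\n' "$1" | awk '$1 == "NoNewPrivs:" { print $2 }')
    [ "$nnp" = "1" ] && out="$out no_new_privs"
    bounding_has_cap "$1" 6 || out="$out no_CAP_SETGID"   # CAP_SETGID = 6
    bounding_has_cap "$1" 7 || out="$out no_CAP_SETUID"   # CAP_SETUID = 7
    echo "${out# }"
}

# Constructed samples: a restricted process and an unrestricted one.
STATUS_RESTRICTED='Name: sh
NoNewPrivs: 1
CapBnd: 00000000a804253b'
STATUS_OPEN='Name: sh
NoNewPrivs: 0
CapBnd: 0000003fffffffff'
MOUNTINFO='22 1 253:64 / / rw,relatime - ext4 /dev/mapper/root rw,data=ordered
40 22 0:35 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw'

echo "restricted sample: $(setuid_blockers "$STATUS_RESTRICTED" "$MOUNTINFO" /usr/bin/su)"
# On a live Linux system, inspect the current shell and the resolved su path.
if [ -r /proc/self/status ] && [ -r /proc/self/mountinfo ]; then
    su_path=$(readlink -f /bin/su 2>/dev/null || echo /bin/su)
    echo "live: $(setuid_blockers "$(cat /proc/self/status)" "$(cat /proc/self/mountinfo)" "$su_path")"
fi
```

An empty result means none of the three conditions was found for the inspected process and path.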

0 Answers