su promlem

[FarahRegal]

When ever I try to su, I can not su.
Example
# su - John

returned su: Syntax error at line 1 : '('unexpected).

Any Ideas?

thanks .

Farah regal
good luck
"think twice and hit enter once"

 

[ayjaycee]

Looks like someone's written a script called "su" & put it in a directory higher in your path than where the "su" executable is.

Try /usr/bin/su - John & see if that works.

If so, then echo $PATH and look for su in the directories shown.

Is it possible someone's been messing around on your system?

http://www.tanda.f2s.com

One by one, the penguins steal my sanity.

 

[trunix]

Could be more than a simple script, it could be a trojan horse designed to catch login names and passwords.

Use the find command to find any scripts named su and delete them if they look at all suspicious.

 

[KenCunningham]

To discover the version of su you're using (and therefore the one you need to look at) use:

which su

that should return a path to the file being accessed. HTH.

 

[bluedevils]

or could this be an error with .profile (or equiv)?

 

[FarahRegal]

thanks guys:

I am off to day and tomorow,and I will check a soon as I will get back.

thanks
once again .

Farah regal
good luck
"think twice and hit enter once"

 

[Winstonb]

Check John's $HOME/.profile for a syntax error

 

[KenCunningham]

FRegal,

how this particular whodunnit turn out?

Regards.

 

[FarahRegal]

KenCunningham,

It looks like some body designed a trojan horse in order to catch login names and passwds.

I tried Tried /usr/bin/su - John returned su: Syntax error at line 1 : '('unexpected). I do not I have any access this particular box untill Friday. Therefore, I will let you know what result will be.




.

Farah regal
good luck
"think twice and hit enter once"

 

[Guest_imported]

Question? I know I've been on vacation for a long time now but let me see if I follow this. You type /usr/bin/su - John and it gives you a Syntax error at line 1: blah blah blah right? Normally you would be prompted for a password at this point but it bombs out before then, correct? So how are they getting your password? Forgive my stupidity since I have been relaxing for the last two months and am finally getting back into the swing of things.
Next thing, why not just ftp a good copy of "su" from one of your other servers or restore that file from a backup tape? You could always rename it for now to examine later and then bring in a working copy of su. You could also check the date of the su file. Maybe someone accidentally copied over it.

 

[bluedevils]

It's a trojan horse with a syntax error. If it worked according to intention, you wouldn't see any errors and they would get your account info.

I assume that you are doing su from a root account? This would not prompt you for a password and it may still be just an environment script (.profile, .bashrc....) syntax error.

 

[FarahRegal]

thanks

That's what I was planning; next thing, I will do is to ftp and copy of "su" from one of my other servers. I already checked the date is different other servers and quantity of file is less others. But permission and the path locations are correct. And still the problem is there. I checked in .profile or bashrc there is no any strange scripts.

I even used find command: # find / -name su -print and is
returned just regular su directories.
.

Farah regal
good luck
"think twice and hit enter once"

 

[Guest_imported]

This su is actually a executable meant for some other
platform. When Shell tries a exec on this executable,
the exec fails because this binary was for some other
platform, then it shell presumes that its a shell script
and tries to execute this su as shell script which is not
correct obviously as it is a executable. Now when shell
starts interpreting this binary with a presumption of
shell script, it gives the error "su: Syntax error at line 1 : '('unexpected)." which is very correct.