x_terminat_or_3
asked on
pam_usb configuration problem
Hi there
I am trying to install pam_usb at home and at the office. Don't really need it at home, but at the office, since I am admin, I require to type in my root password a lot, and usually there's a person standing at my desk and I don't want them to see my password. So I usually go like 'turn around' or hide my hands under a sheet of paper while typing in the password...
I considered smart cards, but why buy something if I already have usb sticks galore?
Ok, so I found pam_usb, installed it via yum, created my keys, and then went to try and use su - but it keeps saying
* pam_usb v0.3.3, (C) 2003-2005 Andrea Luzzardi <scox@sig11.org>
* Authentication denied: remote user.
It does not even try to access the usb device (I would know this by the flashing of the led on the usb stick)
So I tried a few things, like autofs, which works when I go to the directory /mnt/auto/Home_Keys , I added an entry in fstab and played with the options but nothing seems to work.
------= Command history =---------
usbadm keygen /mnt/auto/Home_Keys andy 2048
[!] Directory /mnt/auto/Home_Keys/.auth/
[!] Generating 2048 DSA key pair for andy@earth.Andy.home
[!] Extracting private key...
[+] Private key extracted.
[+] Private key successfully written.
[!] Writing public key...
[+] Public key successfully written.
[root@earth /]# usbadm keygen /mnt/auto/Home_Keys root 2048
[!] Generating 2048 DSA key pair for root@earth.Andy.home
[!] Extracting private key...
[+] Private key extracted.
[+] Private key successfully written.
[!] Writing public key...
[+] Public key successfully written.
-------= /etc/auto.master =-----------
/mnt/auto /etc/auto.tero --timeout=4
-------= /etc/auto.tero =-------------
Home_Keys -fstype=ext3,rw,nosuid,nod
-------= /etc/fstab =-----------------
/dev/sdd1 /mnt/Home_Keys ext3 noauto
-------= /etc/pam.d/su =--------------
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth sufficient pam_usb.so force_device=/dev/sdd1
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
System Information:
Linux earth.Andy.home 2.6.20-1.2925_1.fc6.cubbi_
pam-0.99.6.2-3.16.fc6
pam_usb-0.3.3-6.fc6
Thank you for any help.
I am trying to install pam_usb at home and at the office. Don't really need it at home, but at the office, since I am admin, I require to type in my root password a lot, and usually there's a person standing at my desk and I don't want them to see my password. So I usually go like 'turn around' or hide my hands under a sheet of paper while typing in the password...
I considered smart cards, but why buy something if I already have usb sticks galore?
Ok, so I found pam_usb, installed it via yum, created my keys, and then went to try and use su - but it keeps saying
* pam_usb v0.3.3, (C) 2003-2005 Andrea Luzzardi <scox@sig11.org>
* Authentication denied: remote user.
It does not even try to access the usb device (I would know this by the flashing of the led on the usb stick)
So I tried a few things, like autofs, which works when I go to the directory /mnt/auto/Home_Keys , I added an entry in fstab and played with the options but nothing seems to work.
------= Command history =---------
usbadm keygen /mnt/auto/Home_Keys andy 2048
[!] Directory /mnt/auto/Home_Keys/.auth/
[!] Generating 2048 DSA key pair for andy@earth.Andy.home
[!] Extracting private key...
[+] Private key extracted.
[+] Private key successfully written.
[!] Writing public key...
[+] Public key successfully written.
[root@earth /]# usbadm keygen /mnt/auto/Home_Keys root 2048
[!] Generating 2048 DSA key pair for root@earth.Andy.home
[!] Extracting private key...
[+] Private key extracted.
[+] Private key successfully written.
[!] Writing public key...
[+] Public key successfully written.
-------= /etc/auto.master =-----------
/mnt/auto /etc/auto.tero --timeout=4
-------= /etc/auto.tero =-------------
Home_Keys -fstype=ext3,rw,nosuid,nod
-------= /etc/fstab =-----------------
/dev/sdd1 /mnt/Home_Keys ext3 noauto
-------= /etc/pam.d/su =--------------
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth sufficient pam_usb.so force_device=/dev/sdd1
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
System Information:
Linux earth.Andy.home 2.6.20-1.2925_1.fc6.cubbi_
pam-0.99.6.2-3.16.fc6
pam_usb-0.3.3-6.fc6
Thank you for any help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Perhaps 'ls -lash /mnt/auto/Home_Keys' and see if the shell has access to the password key files.
Also can you post the output of
cat /etc/pam.d/usb
??
Also can you post the output of
cat /etc/pam.d/usb
??
I just tested pam_usb 0.3.3 on my RH Enterprise Linux 4.0 kernel 2.6.9 it works flawlessly.
I used this line in /etc/pam.d/su:
auth sufficient /lib/security/pam_usb.so !check_device !check_if_mounted
This line is located just below 'auth sufficient pam_rootok.so' as on your server
Also I noted that pam_usb.so doesn't have execute permisstions after installation, you may change it, but it works even without +x here.
If no device configured, pam_usb searches all devices and all for .auth directory.
One difference from your configuration, I have a FAT filesystem on may USB stick, you may try to change it to FAT and try again.
> Second, I don't want to keep the usb key plugged in all the time either. What I really want is, whenever it says enter password, that is says enter password, or insert key.
You don't need to have USB always plugged in, when it's there, it's used, when not - you are asked for a password. 'auth sufficient' is exactly for that behaviour
> Failing, that, having the usb key present when doing su, or other should be accepted too. I'll try the extra options
pam_usb checks if user is local or remote, it get keys from USB only for local users from physical console, otherwise it asks for a password.
What about
I used this line in /etc/pam.d/su:
auth sufficient /lib/security/pam_usb.so !check_device !check_if_mounted
This line is located just below 'auth sufficient pam_rootok.so' as on your server
Also I noted that pam_usb.so doesn't have execute permisstions after installation, you may change it, but it works even without +x here.
If no device configured, pam_usb searches all devices and all for .auth directory.
One difference from your configuration, I have a FAT filesystem on may USB stick, you may try to change it to FAT and try again.
> Second, I don't want to keep the usb key plugged in all the time either. What I really want is, whenever it says enter password, that is says enter password, or insert key.
You don't need to have USB always plugged in, when it's there, it's used, when not - you are asked for a password. 'auth sufficient' is exactly for that behaviour
> Failing, that, having the usb key present when doing su, or other should be accepted too. I'll try the extra options
pam_usb checks if user is local or remote, it get keys from USB only for local users from physical console, otherwise it asks for a password.
What about
ASKER
Well for some reason, it does not even look for .auth directories, but thinks that I am a remote user, as it says above: "* Authentication denied: remote user."
To prove this, have a look at the strace when I type su - (with pam_usb enabled)
strace su -
execve("/bin/su", ["su", "-"], [/* 48 vars */]) = 0
brk(0) = 0x80862000
uname({sys="Linux", node="earth.Andy.home", ...}) = 0
access("/etc/ld.so.preload
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f87000
close(3) = 0
open("/lib/libpam.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=43592, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
mmap2(NULL, 44924, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xd7d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libpam_misc.so.
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=10156, ...}) = 0
mmap2(NULL, 11352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x642000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libcrypt.so.1",
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=27836, ...}) = 0
mmap2(NULL, 184636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x115000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x117000, 155964, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=16528, ...}) = 0
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x1e6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576920, ...}) = 0
mmap2(NULL, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x538000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x53b000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libaudit.so.0",
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=75292, ...}) = 0
mmap2(NULL, 78132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x76e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
set_thread_area({entry_num
mprotect(0x538000, 8192, PROT_READ) = 0
mprotect(0x1e6000, 4096, PROT_READ) = 0
mprotect(0x115000, 4096, PROT_READ) = 0
mprotect(0x751000, 4096, PROT_READ) = 0
munmap(0xb7f87000, 124955) = 0
brk(0) = 0x80862000
brk(0x80883000) = 0x80883000
open("/usr/lib/locale/loca
fstat64(3, {st_mode=S_IFREG|0644, st_size=55574128, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d84000
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket
close(3) = 0
open("/etc/nsswitch.conf",
fstat64(3, {st_mode=S_IFREG|0644, st_size=1696, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1696
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f87000
close(3) = 0
open("/lib/libnss_files.so
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=46740, ...}) = 0
mmap2(NULL, 41616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x2f7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
mprotect(0x2f7000, 4096, PROT_READ) = 0
munmap(0xb7f87000, 124955) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2478, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "root:x:0:0:root:/root:/bi
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/su-l", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=137, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "#%PAM-1.0\nauth\t\tinclud
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/lib/security/pam_ro
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=3304, ...}) = 0
mmap2(NULL, 6124, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xc34000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 5, 0) = 0xb7d65000
close(5) = 0
open("/lib/libselinux.so.1
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=93512, ...}) = 0
mmap2(NULL, 93016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x620000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libsepol.so.1",
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=245376, ...}) = 0
mmap2(NULL, 285024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xae9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0xaea000, 39264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
access("/etc/selinux/", F_OK) = 0
open("/etc/selinux/config"
fstat64(5, {st_mode=S_IFREG|0644, st_size=511, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "# This file controls the state o"..., 4096) = 511
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 836
read(5, "", 1024) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
munmap(0xb7d65000, 124955) = 0
open("/lib/security/pam_us
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=27168, ...}) = 0
mmap2(NULL, 30116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xbda000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 5, 0) = 0xb7d65000
close(5) = 0
open("/lib/libssl.so.6", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=280688, ...}) = 0
mmap2(NULL, 281884, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x17f000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libgssapi_k
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=172844, ...}) = 0
mmap2(NULL, 175804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x9f6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libkrb5.so.
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=557868, ...}) = 0
mmap2(NULL, 556612, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x995000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libcom_err.so.2
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=7944, ...}) = 0
mmap2(NULL, 9356, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x54a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libk5crypto
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=155608, ...}) = 0
mmap2(NULL, 155040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x5d0000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libresolv.so.2"
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=76392, ...}) = 0
mmap2(NULL, 75976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x192000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x194000, 6344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libcrypto.so.6"
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=1238928, ...}) = 0
mmap2(NULL, 1250008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x88c000, 73728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x89e000, 13016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libz.so.1",
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=75284, ...}) = 0
mmap2(NULL, 76656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xe5d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libkrb5supp
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=29048, ...}) = 0
mmap2(NULL, 31848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xdb3000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
mprotect(0x192000, 4096, PROT_READ) = 0
munmap(0xb7d65000, 124955) = 0
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_en
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=10444, ...}) = 0
mmap2(NULL, 13264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xd51000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/lib/security/pam_un
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=45340, ...}) = 0
mmap2(NULL, 97444, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x62d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x62e000, 48292, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/etc/ld.so.cache", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 6, 0) = 0xb7d65000
close(6) = 0
open("/usr/lib/libcrack.so
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=29952, ...}) = 0
mmap2(NULL, 46304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x19d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x19e000, 13536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=101036, ...}) = 0
mmap2(NULL, 91944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x1b5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x1b7000, 5928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
mprotect(0x1b5000, 4096, PROT_READ) = 0
munmap(0xb7d65000, 124955) = 0
open("/lib/security/pam_su
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=11848, ...}) = 0
mmap2(NULL, 14664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xe95000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/lib/security/pam_de
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=2988, ...}) = 0
mmap2(NULL, 5856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x1ba000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_pe
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=3328, ...}) = 0
mmap2(NULL, 6148, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xd8e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_cr
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=11292, ...}) = 0
mmap2(NULL, 30528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x373000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x374000, 14144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
open("/lib/security/pam_ke
read(4, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(4, {st_mode=S_IFREG|0755, st_size=5692, ...}) = 0
mmap2(NULL, 4436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x286000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(4) = 0
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_li
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=11392, ...}) = 0
mmap2(NULL, 14212, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xfa7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
open("/lib/security/pam_xa
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=12496, ...}) = 0
mmap2(NULL, 15316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xa16000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/etc/pam.d/other", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "#%PAM-1.0\nauth required "..., 4096) = 154
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
getuid32() = 500
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
getuid32() = 500
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2478, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "root:x:0:0:root:/root:/bi
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0"
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARG
fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
getdents64(3, /* 8 entries */, 1024) = 192
stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
close(3) = 0
time(NULL) = 1175713851
getuid32() = 500
write(2, "* ", 2* ) = 2
write(2, "pam_usb v0.3.3, (C) 2003-2005 An"..., 63pam_usb v0.3.3, (C) 2003-2005 Andrea Luzzardi <scox@sig11.org>
) = 63
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0"
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARG
fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
getdents64(3, /* 8 entries */, 1024) = 192
stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
close(3) = 0
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
_llseek(3, 0, [0], SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\206\1\0\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\1\0\0\0005N\0\0~\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0P\10\0\0\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\346\16\0\0tty1\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\347\16\0\0tty2\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\350\16\0\0tty3\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\351\16\0\0tty4\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\352\16\0\0tty5\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\355\16\0\0tty6\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\5\0\0\0\356\16\0\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\7\0\0\0H\17\0\0:0\0\0\0\
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\205\22\0\0ttyS0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "", 384) = 0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
write(2, "* ", 2* ) = 2
write(2, "Authentication denied: remote us"..., 36Authentication denied: remote user.
) = 36
getuid32() = 500
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2478, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "root:x:0:0:root:/root:/bi
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
open("/usr/share/locale/lo
fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT TSTP], [], 8) = 0
time(NULL) = 1175713851
ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon -echo ...}) = 0
write(2, "Password: ", 10Password: ) = 10
read(0,
To prove this, have a look at the strace when I type su - (with pam_usb enabled)
strace su -
execve("/bin/su", ["su", "-"], [/* 48 vars */]) = 0
brk(0) = 0x80862000
uname({sys="Linux", node="earth.Andy.home", ...}) = 0
access("/etc/ld.so.preload
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f87000
close(3) = 0
open("/lib/libpam.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=43592, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
mmap2(NULL, 44924, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xd7d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libpam_misc.so.
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=10156, ...}) = 0
mmap2(NULL, 11352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x642000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libcrypt.so.1",
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=27836, ...}) = 0
mmap2(NULL, 184636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x115000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x117000, 155964, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=16528, ...}) = 0
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x1e6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576920, ...}) = 0
mmap2(NULL, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x538000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x53b000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
open("/lib/libaudit.so.0",
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=75292, ...}) = 0
mmap2(NULL, 78132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x76e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
set_thread_area({entry_num
mprotect(0x538000, 8192, PROT_READ) = 0
mprotect(0x1e6000, 4096, PROT_READ) = 0
mprotect(0x115000, 4096, PROT_READ) = 0
mprotect(0x751000, 4096, PROT_READ) = 0
munmap(0xb7f87000, 124955) = 0
brk(0) = 0x80862000
brk(0x80883000) = 0x80883000
open("/usr/lib/locale/loca
fstat64(3, {st_mode=S_IFREG|0644, st_size=55574128, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d84000
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket
close(3) = 0
open("/etc/nsswitch.conf",
fstat64(3, {st_mode=S_IFREG|0644, st_size=1696, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1696
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f87000
close(3) = 0
open("/lib/libnss_files.so
read(3, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(3, {st_mode=S_IFREG|0755, st_size=46740, ...}) = 0
mmap2(NULL, 41616, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x2f7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(3) = 0
mprotect(0x2f7000, 4096, PROT_READ) = 0
munmap(0xb7f87000, 124955) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2478, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "root:x:0:0:root:/root:/bi
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/pam.d/su-l", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=137, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "#%PAM-1.0\nauth\t\tinclud
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/lib/security/pam_ro
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=3304, ...}) = 0
mmap2(NULL, 6124, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xc34000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 5, 0) = 0xb7d65000
close(5) = 0
open("/lib/libselinux.so.1
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=93512, ...}) = 0
mmap2(NULL, 93016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x620000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libsepol.so.1",
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=245376, ...}) = 0
mmap2(NULL, 285024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xae9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0xaea000, 39264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
access("/etc/selinux/", F_OK) = 0
open("/etc/selinux/config"
fstat64(5, {st_mode=S_IFREG|0644, st_size=511, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "# This file controls the state o"..., 4096) = 511
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 836
read(5, "", 1024) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
munmap(0xb7d65000, 124955) = 0
open("/lib/security/pam_us
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=27168, ...}) = 0
mmap2(NULL, 30116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xbda000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/etc/ld.so.cache", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 5, 0) = 0xb7d65000
close(5) = 0
open("/lib/libssl.so.6", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=280688, ...}) = 0
mmap2(NULL, 281884, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x17f000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libgssapi_k
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=172844, ...}) = 0
mmap2(NULL, 175804, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x9f6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libkrb5.so.
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=557868, ...}) = 0
mmap2(NULL, 556612, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x995000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libcom_err.so.2
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=7944, ...}) = 0
mmap2(NULL, 9356, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x54a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libk5crypto
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=155608, ...}) = 0
mmap2(NULL, 155040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x5d0000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libresolv.so.2"
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=76392, ...}) = 0
mmap2(NULL, 75976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x192000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x194000, 6344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/lib/libcrypto.so.6"
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=1238928, ...}) = 0
mmap2(NULL, 1250008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x88c000, 73728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x89e000, 13016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libz.so.1",
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=75284, ...}) = 0
mmap2(NULL, 76656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xe5d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
open("/usr/lib/libkrb5supp
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=29048, ...}) = 0
mmap2(NULL, 31848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xdb3000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
mprotect(0x192000, 4096, PROT_READ) = 0
munmap(0xb7d65000, 124955) = 0
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_en
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=10444, ...}) = 0
mmap2(NULL, 13264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xd51000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/lib/security/pam_un
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=45340, ...}) = 0
mmap2(NULL, 97444, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x62d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x62e000, 48292, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/etc/ld.so.cache", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=124955, ...}) = 0
mmap2(NULL, 124955, PROT_READ, MAP_PRIVATE, 6, 0) = 0xb7d65000
close(6) = 0
open("/usr/lib/libcrack.so
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=29952, ...}) = 0
mmap2(NULL, 46304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x19d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x19e000, 13536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=101036, ...}) = 0
mmap2(NULL, 91944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x1b5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x1b7000, 5928, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
mprotect(0x1b5000, 4096, PROT_READ) = 0
munmap(0xb7d65000, 124955) = 0
open("/lib/security/pam_su
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=11848, ...}) = 0
mmap2(NULL, 14664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xe95000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
open("/lib/security/pam_de
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=2988, ...}) = 0
mmap2(NULL, 5856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x1ba000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_pe
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=3328, ...}) = 0
mmap2(NULL, 6148, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xd8e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_cr
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=11292, ...}) = 0
mmap2(NULL, 30528, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x373000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
mmap2(0x374000, 14144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
open("/lib/security/pam_ke
read(4, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(4, {st_mode=S_IFREG|0755, st_size=5692, ...}) = 0
mmap2(NULL, 4436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0x286000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(4) = 0
open("/etc/pam.d/su", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=582, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(4, "#%PAM-1.0\nauth\t\tsuffic
open("/etc/pam.d/system-au
fstat64(5, {st_mode=S_IFREG|0644, st_size=844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(5, "#%PAM-1.0\n# This file is auto-ge"..., 4096) = 844
open("/lib/security/pam_li
read(6, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(6, {st_mode=S_IFREG|0755, st_size=11392, ...}) = 0
mmap2(NULL, 14212, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xfa7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(6) = 0
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7fa3000, 4096) = 0
open("/lib/security/pam_xa
read(5, "\177ELF\1\1\1\0\0\0\0\0\0
fstat64(5, {st_mode=S_IFREG|0755, st_size=12496, ...}) = 0
mmap2(NULL, 15316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
mmap2(0xa16000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_
close(5) = 0
read(4, "", 4096) = 0
close(4) = 0
munmap(0xb7fa4000, 4096) = 0
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/etc/pam.d/other", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "#%PAM-1.0\nauth required "..., 4096) = 154
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
getuid32() = 500
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
getuid32() = 500
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2478, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "root:x:0:0:root:/root:/bi
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0"
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARG
fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
getdents64(3, /* 8 entries */, 1024) = 192
stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
close(3) = 0
time(NULL) = 1175713851
getuid32() = 500
write(2, "* ", 2* ) = 2
write(2, "pam_usb v0.3.3, (C) 2003-2005 An"..., 63pam_usb v0.3.3, (C) 2003-2005 Andrea Luzzardi <scox@sig11.org>
) = 63
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/0"
fstat64(0, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARG
fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
getdents64(3, /* 8 entries */, 1024) = 192
stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
close(3) = 0
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied)
open("/var/run/utmp", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
_llseek(3, 0, [0], SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\206\1\0\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\2\0\0\0\0\0\0\0~\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\1\0\0\0005N\0\0~\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0P\10\0\0\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\346\16\0\0tty1\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\347\16\0\0tty2\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\350\16\0\0tty3\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\351\16\0\0tty4\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\352\16\0\0tty5\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\6\0\0\0\355\16\0\0tty6\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\5\0\0\0\356\16\0\0\0\0\0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\7\0\0\0H\17\0\0:0\0\0\0\
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "\10\0\0\0\205\22\0\0ttyS0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0x5010b0, [], SA_RESTORER, 0x429de8}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(3, "", 384) = 0
fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(3) = 0
write(2, "* ", 2* ) = 2
write(2, "Authentication denied: remote us"..., 36Authentication denied: remote user.
) = 36
getuid32() = 500
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2478, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "root:x:0:0:root:/root:/bi
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
open("/usr/share/locale/lo
fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7fa5000, 4096) = 0
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
open("/usr/share/locale/en
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT TSTP], [], 8) = 0
time(NULL) = 1175713851
ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon -echo ...}) = 0
write(2, "Password: ", 10Password: ) = 10
read(0,
Well, x_terminator_3, at least pam_usb works :-)
Now let's look why it doesn't work correctly, hopefully we have sources.
Very handy files are conf.c and pam.c
In conf.c you may find all possible configurable options. This option probably helps you (and all other remote users) to get 'root' access:
allow_remote=1
But the problem is in that you are incorrectly (as you say) identified as a remote user, being local. pam_usb thinks that console is local if your stdin device is one of the following: /dev/vc/X /dev/ttyX ttyX, but your device (as I see from trace) is ptsX. You are most probably run 'su' from 'ssh' or from 'screen' sessions.
Now let's look why it doesn't work correctly, hopefully we have sources.
Very handy files are conf.c and pam.c
In conf.c you may find all possible configurable options. This option probably helps you (and all other remote users) to get 'root' access:
allow_remote=1
But the problem is in that you are incorrectly (as you say) identified as a remote user, being local. pam_usb thinks that console is local if your stdin device is one of the following: /dev/vc/X /dev/ttyX ttyX, but your device (as I see from trace) is ptsX. You are most probably run 'su' from 'ssh' or from 'screen' sessions.
BTW you may find your current terminal name with 'w' command.
In found one more possible reason why usb_pam thinks you are a 'remote' user. All terminal sessions withing X also use pseudo terminal devises ptsX, so it's possible that you run 'su' from a terminal windows within X. If you switch to console window (suppose with Alt-Ctrl-F1) you should be able to do 'su'.
ASKER
Yes that does work, and you are right, I am using terminals in X
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT Nopius' comment {http:#18834773} as answer
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
JustUNIX, Experts Exchange Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT Nopius' comment {http:#18834773} as answer
Any objections should be posted here in the next 4 days. After that time, the question will be closed.
JustUNIX, Experts Exchange Cleanup Volunteer
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
ASKER
Second, I don't want to keep the usb key plugged in all the time either. What I really want is, whenever it says enter password, that is says enter password, or insert key.
Failing, that, having the usb key present when doing su, or other should be accepted too. I'll try the extra options