su: invalid script: /usr/libexec/auth/login_passwd (OpenBSD)

I had to replace a host-based firewall, based on OpenBSD, that had some failing hardware this week.  I managed to get the failing system up and running and made a full back up of the system using tar over SSH to a remote computer.  (Thanks to Trinity Rescue Kit for the help! I ran TRK on a Windows laptop I had borrowed from a co-worker to run a temporary SSH server.)  Upon restoration, I just had to tweak one file, /etc/fstab, to adjust for the different disk layout of the replacement system.

I ran into one issue after restoration, though: when I logged in as an unprivileged user, and attempted to su to another user, I got the error: su: invalid script: /usr/libexec/auth/login_passwd

Well, it turns out that I forgot the -p option to tar when I unpacked the tarball onto the new system…this option is used to preserve uid, gid, and file mode, as well as the setuid and setgid bits if the user is the superuser/root.  Well, /usr/bin/su is owned by root, and needs the setuid bit set in order to work properly.  The proper fix for this would be to unpack the tarball again with the proper settings, but in a pinch, you could just apply the setuid bit to /usr/bin/su.  (Please realize that in this case, you may have missed other files where the setuid/setgid bits should be set, so this is not the best solution, but can definitely help in a pinch.)

I found this information via this post in the Kernel Trap archives.  Thanks to “Walt” for posting this info to be archived and indexed by the search engines!  It certainly helped me this week!

EDIT: Definitely go through and use tar with the appropriate options to preserve permissions and special bits on files!  All files will be owned by the user that unpacked the tar archive (root:wheel in my case) if you don’t specify the “-p” option to tar to preserve permissions, ownership, and etc.

One thought on “su: invalid script: /usr/libexec/auth/login_passwd (OpenBSD)

  1. drh

    Thanks! When installing 5.1-i386 with a custom diskabel, I somehow convinced it to mount /usr/ as nosuid in /etc/fstab.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *