On Thu, 27 Sep 2007 09:02:49 am John D.Baker wrote:
> I've been updating my machines from (sometimes ancient) netbsd-4
> BETA2 to RC1 (tracking netbsd-4) and on several of them, 'su' is
> claiming authetication failure (pam_unix).
>
> It seems to occur on those machines where I've been extracting the
> sets (except [x]etc.tgz) in place and then running 'etcupdate'.  I
> answer "y" to the question about rebuilding the password database.
>
> On the build host itself, I've been using the "install=/" target
> of 'build.sh' and running 'etcupdate' afterwards.
>
> I can still log in as 'root' on the console of the affected machines
> and use 'su' to become another user, but as an unpriviledged user
> cannot become root, or switch to another unpriviledged user account
> for which I have the password.
>
> Has anyone else seen anything like this?

Yes ... once. I believe it was when I untarred and special permissions were 
not preserved or such.

Though the problem may not have been su itself.

$ ls -Al /usr/bin/su
-r-sr-xr-x  1 root  wheel  15990 Jun 29 18:05 /usr/bin/su

I have a feeling it may have been something else but can't for the life of me 
remember. I seem to remember going "Ah" after a mad panic and then fixing it 
but that's of no help :)

In the end, the two problems could be similar and completely unrelated.

Sarton