On Jan 9, michael smith wrote
> It has also been suggested that your 'su' is not setuid root, however
> 'su' doesn't log the "BAD SU" message unless it is setuid root.
> 

It does(just tried it), because getpwent (or the similar used function, I
didn't look at the sources) can't get the crypted passwd string from
/etc/spwd.db, so it gets an '*' instead, from /etc/pwd.db. And the passwd
you enters, after crypt(), never match '*'. So you get the 'BAD SU' message,
just as if you entered the wrong passwd.

--
Manuel Bouyer, MASI, Universite Paris VI.
email: bouyer@masi.ibp.fr
--