Set the default permissions for /usr/bin/su:
Code:
-r-sr-xr-x 1 root security 32252 Aug 24 2007 /usr/bin/su
Edit:
In short:
Code:
chmod 4555 /usr/bin/su
su needs the root sticky bit for reading /etc/security/passwd and some other files, I guess.
Edit2:
I ran truss on su; it needs the sticky bit for reading:
Code:
>ls -l /etc/security/passwd
-rw------- 1 root security 732 Jul 07 2008 /etc/security/passwd
>ls -l /etc/security/environ
-rw-r----- 1 root security 60 Dec 23 2005 /etc/security/environ
>ls -l /etc/security/group
-rw-r----- 1 root security 692 Dec 18 2006 /etc/security/group
>ls -l /etc/security/audit/config
-rw-r----- 1 root audit 2523 Dec 23 2005 /etc/security/audit/config
>ls -l /etc/security/limits
-rw-r----- 1 root security 2492 Dec 30 2006 /etc/security/limits
>ls -l /etc/security/login.cfg
-rw-r----- 1 root security 4798 Dec 23 2005 /etc/security/login.cfg
and writing to:
>ls -l /var/adm/sulog
-rw------- 1 root system 112805 Jun 29 18:31 /var/adm/sulog
Just for info.
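
An added example, not part of the original post: a POSIX shell check that converts an `ls -l` mode string to octal (the `s` in the owner triad of `-r-sr-xr-x` is the leading 4 of 4555) and compares a listing line with an expected mode, owner and group. The function names are hypothetical, the first sample line is the one quoted in the post, and the second is constructed to show a deviation.

```shell
#!/bin/sh
# Added example: audit an `ls -l` line against an expected mode/owner/group.

# sym_to_octal "-r-sr-xr-x" prints 4555 (special bits, then owner/group/other)
sym_to_octal() {
    perms=${1#?}                 # drop the file-type character
    special=0
    out=""
    for weight in 4 2 1; do      # setuid=4 (owner), setgid=2 (group), sticky=1 (other)
        remainder=${perms#???}
        triad=${perms%"$remainder"}
        perms=$remainder
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in
            ??x)     digit=$((digit + 1)) ;;
            ??s|??t) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??S|??T) special=$((special + weight)) ;;   # special bit set, no execute
        esac
        out="$out$digit"
    done
    printf '%s%s\n' "$special" "$out"
}

# check_listing "<ls -l line>" <octal mode> <owner> <group>; returns 0 on a match
check_listing() {
    read -r mode links owner group rest <<EOF
$1
EOF
    got=$(sym_to_octal "$mode")
    path=${rest##* }             # last field of the listing is the file name
    if [ "$got" = "$2" ] && [ "$owner" = "$3" ] && [ "$group" = "$4" ]; then
        echo "OK   $got $owner:$group $path"
        return 0
    fi
    echo "DIFF $got $owner:$group $path (expected $2 $3:$4)"
    return 1
}

# Line quoted in the post, then a constructed line with the setuid bit missing.
check_listing "-r-sr-xr-x 1 root security 32252 Aug 24 2007 /usr/bin/su" 4555 root security
check_listing "-r-xr-xr-x 1 root security 32252 Aug 24 2007 /usr/bin/su" 4555 root security || true
```

On a live system, pass the output of `ls -l /usr/bin/su` as the first argument instead of the sample lines.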