su: Authentication service cannot retrieve authentication info

Tell me, how can I fix this problem?
The sudo command works for me, but su doesn’t work.

~> su
Password:  
su: Authentication service cannot retrieve authentication info

This is a rather generic error. Compare the PAM configuration for sudo and su, or post them here (full file content in code tags).

The reason for the problem is that the user changed the permissions for /usr/bin:


sudo chown -R $(whoami) /usr/bin


I was able to solve the problem this way:

sudo chown -R root:root /usr/bin/
sudo chmod 4755 /usr/bin/su
sudo chmod 4755 /usr/bin/sudo

Tell me, are these the correct permissions?
Sudo and su currently work. Is there any other action to be taken?

No. That’s it:

chmod u+s -R /usr/bin/su
chmod u+s -R /usr/bin/sudo

Oh, well. I really hate to start with “have you tried to power it off and on again” every time.

sudo chown -R $(whoami) /usr/bin

This also resets sudo permissions. How come sudo worked then?

sudo chown -R root:root /usr/bin/

This is wrong. Some files in /usr/bin belong to a different group (and there is no guarantee every file in /usr/bin belongs to user “root” either) and some of those files are also SGID. They remain broken. The generic way is to run “rpm --verify” for all packages that have files in /usr/bin, “rpm --restore” to reset permissions for packages that report different values and finally “chkstat --system” to reapply permissions that deviate from RPM.

sudo chmod 4755 /usr/bin/su
sudo chmod 4755 /usr/bin/sudo

Tell me, are these the correct permissions?

Yes for these two files.

Is there any other action to be taken?

See above.

u+s is bit 4000 that you already set and there is no point in using -R for a single file.

I don’t understand why this mistake…?

~> sudo rpm --restore -a
sh: line 7: getcap: command not found
sh: line 17: getcap: command not found
sh: line 27: getcap: command not found
sh: line 2: getcap: command not found
sh: line 7: getcap: command not found
sh: line 17: getcap: command not found

Made it this way:

sudo rpm --setugids $(rpm -qf $(find /usr/bin) | sort -u)
sudo rpm --setperms $(rpm -qf $(find /usr/bin) | sort -u)
sudo chkstat --system

What do you think, is it right?
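
Added example, not part of any post in this thread: a way to check what is still wrong after such a recursive chown, by filtering "rpm --verify" output for files under /usr/bin whose mode, user or group differs from the RPM database. The function names (perm_drift, audit_usr_bin, sample_verify_output) are made up for this example and the sample verify lines are constructed.

```shell
#!/bin/sh
# Added example: list files whose mode/owner/group deviates from the RPM database.

# Filter "rpm --verify" output (stdin) to paths under a directory (default
# /usr/bin) that have M (mode), U (user) or G (group) flagged.
# A verify line is 9 flag columns "SM5DLUGTP", an optional attribute
# letter, then the path: M is column 2, U is column 6, G is column 7.
perm_drift() {
    dir="${1:-/usr/bin}"
    awk -v dir="$dir" '
        /^missing/ { next }                    # file absent: not a permission issue
        length($1) >= 9 {
            flags = $1
            path = substr($0, index($0, "/"))  # path starts at the first "/"
            if (index(path, dir "/") != 1) next
            why = ""
            if (substr(flags, 2, 1) == "M") why = why "mode "
            if (substr(flags, 6, 1) == "U") why = why "user "
            if (substr(flags, 7, 1) == "G") why = why "group "
            if (why != "") { sub(/ $/, "", why); print path ": " why }
        }'
}

# Verify every package that owns a file in /usr/bin (needs rpm, run as root).
audit_usr_bin() {
    rpm -qf /usr/bin/* 2>/dev/null | grep -v 'not owned' | sort -u |
        xargs rpm --verify 2>/dev/null | perm_drift /usr/bin
}

# Constructed sample of "rpm --verify" output, so the filter runs offline.
sample_verify_output() {
    cat <<'EOF'
.M...UG..    /usr/bin/su
.....U...    /usr/bin/vim
S.5....T.  c /etc/sudoers
missing      /usr/bin/gone
.M.......    /usr/sbin/unix_chkpwd
..5....T.    /usr/bin/script.sh
EOF
}

# Demo on the constructed sample; on a real system call audit_usr_bin instead.
sample_verify_output | perm_drift /usr/bin
```

An empty result from audit_usr_bin after the restore and "chkstat --system" steps means no file in /usr/bin still differs from its package in mode, user or group.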