Here's the output from strace su - including password (ROOTPASSWORD): As much as I'd love to, when I put the root password in, it kicks me back to my user. I can post that output: execve("/bin/su", ["su", "-"], [/* 53 vars */]) = 0 brk(0) = 0x8054000 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe9000 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=70218, ...}) = 0 old_mmap(NULL, 70218, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fd7000 close(3) = 0 open("/lib/libcrypt.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\t\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=18924, ...}) = 0 old_mmap(NULL, 181020, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7faa000 old_mmap(0xb7faf000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0xb7faf000 old_mmap(0xb7fb0000, 156444, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7fb0000 close(3) = 0 open("/lib/libpam.so.0", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\25"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=29852, ...}) = 0 old_mmap(NULL, 31436, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7fa2000 old_mmap(0xb7fa9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0xb7fa9000 close(3) = 0 open("/lib/libpam_misc.so.0", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\16"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=9464, ...}) = 0 old_mmap(NULL, 12044, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f9f000 old_mmap(0xb7fa1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0xb7fa1000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@U\1\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1193792, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9e000 old_mmap(NULL, 1124132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e8b000 old_mmap(0xb7f98000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10c000) = 0xb7f98000 old_mmap(0xb7f9b000, 10020, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f9b000 close(3) = 0 open("/lib/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\34\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=10964, ...}) = 0 old_mmap(NULL, 8624, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e88000 old_mmap(0xb7e8a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0xb7e8a000 close(3) = 0 munmap(0xb7fd7000, 70218) = 0 open("/dev/urandom", O_RDONLY) = 3 read(3, "\330\265\326\21", 4) = 4 close(3) = 0 brk(0) = 0x8054000 brk(0x8075000) = 0x8075000 getuid32() = 1000 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x80540c8, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory) open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(3, /* 4 entries */, 1024) = 96 stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 close(3) = 0 open("/etc/login.defs", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=3229, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e68000 read(3, "#\n# /etc/login.defs - Configurat"..., 131072) = 3229 read(3, "", 131072) = 0 close(3) = 0 munmap(0xb7e68000, 131072) = 0 readlink("/proc/self/fd/0", 0xbffff5fc, 511) = -1 EACCES (Permission denied) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 stat64("/dev/pts/", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts/", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(3, /* 4 entries */, 1024) = 96 stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0xb7f6cb00, [], 0}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0n\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\330\26\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\364\30\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\365\30\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\366\30\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\367\30\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\370\30\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\371\30\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\207\31\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\236\31\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 getuid32() = 1000 socket(PF_UNIX, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_UNIX, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=498, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e68000 read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 131072) = 498 read(3, "", 131072) = 0 close(3) = 0 munmap(0xb7e68000, 131072) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=70218, ...}) = 0 old_mmap(NULL, 70218, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7e76000 close(3) = 0 open("/lib/libnss_compat.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\22\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=27808, ...}) = 0 old_mmap(NULL, 30180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e6e000 old_mmap(0xb7e75000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0xb7e75000 close(3) = 0 open("/lib/libnsl.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@<\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=76952, ...}) = 0 old_mmap(NULL, 85088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e59000 old_mmap(0xb7e6b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0xb7e6b000 old_mmap(0xb7e6c000, 7264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e6c000 close(3) = 0 munmap(0xb7e76000, 70218) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=70218, ...}) = 0 old_mmap(NULL, 70218, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7e76000 close(3) = 0 open("/lib/libnss_nis.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\35\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=35944, ...}) = 0 old_mmap(NULL, 33636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e50000 old_mmap(0xb7e58000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0xb7e58000 close(3) = 0 open("/lib/libnss_files.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\35\0\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=35752, ...}) = 0 old_mmap(NULL, 33712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e47000 old_mmap(0xb7e4f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0xb7e4f000 close(3) = 0 munmap(0xb7e76000, 70218) = 0 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1826, ...}) = 0 mmap2(NULL, 1826, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e87000 _llseek(3, 1826, [1826], SEEK_SET) = 0 munmap(0xb7e87000, 1826) = 0 close(3) = 0 stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=528, ...}) = 0 open("/etc/pam.d/su", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=1247, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e27000 read(3, "#%PAM-1.0\n\nauth sufficient"..., 131072) = 1247 open("/lib/security/pam_rootok.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\7\0\000"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=4388, ...}) = 0 old_mmap(NULL, 7024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e25000 old_mmap(0xb7e26000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0) = 0xb7e26000 close(4) = 0 open("/lib/security/pam_wheel.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\r\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=10576, ...}) = 0 old_mmap(NULL, 12996, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e21000 old_mmap(0xb7e24000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0xb7e24000 close(4) = 0 open("/lib/security/pam_stack.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\v\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=11316, ...}) = 0 old_mmap(NULL, 13952, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e1d000 old_mmap(0xb7e20000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0xb7e20000 close(4) = 0 open("/lib/security/pam_xauth.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\23\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=14948, ...}) = 0 old_mmap(NULL, 17352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e18000 old_mmap(0xb7e1c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xb7e1c000 close(4) = 0 read(3, "", 131072) = 0 close(3) = 0 munmap(0xb7e27000, 131072) = 0 open("/etc/pam.d/other", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=198, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e27000 read(3, "#%PAM-1.0\n\nauth required\t/"..., 131072) = 198 open("/lib/security/pam_deny.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\6\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=3776, ...}) = 0 old_mmap(NULL, 6460, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e16000 old_mmap(0xb7e17000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0) = 0xb7e17000 close(4) = 0 read(3, "", 131072) = 0 close(3) = 0 munmap(0xb7e27000, 131072) = 0 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1826, ...}) = 0 mmap2(NULL, 1826, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e46000 _llseek(3, 1826, [1826], SEEK_SET) = 0 munmap(0xb7e46000, 1826) = 0 close(3) = 0 time(NULL) = 1100222255 getuid32() = 1000 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1826, ...}) = 0 mmap2(NULL, 1826, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e46000 _llseek(3, 1826, [1826], SEEK_SET) = 0 munmap(0xb7e46000, 1826) = 0 close(3) = 0 getuid32() = 1000 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1826, ...}) = 0 mmap2(NULL, 1826, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e46000 _llseek(3, 1826, [1826], SEEK_SET) = 0 munmap(0xb7e46000, 1826) = 0 close(3) = 0 socket(PF_UNIX, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_UNIX, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/group", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=779, ...}) = 0 mmap2(NULL, 779, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e46000 _llseek(3, 779, [779], SEEK_SET) = 0 munmap(0xb7e46000, 779) = 0 close(3) = 0 stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=528, ...}) = 0 open("/etc/pam.d/system-auth", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=491, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e27000 read(3, "#%PAM-1.0\n\nauth required\t/"..., 131072) = 491 open("/lib/security/pam_env.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\f\0\000"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=11200, ...}) = 0 old_mmap(NULL, 13836, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7e12000 old_mmap(0xb7e15000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0xb7e15000 close(4) = 0 open("/lib/security/pam_unix.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0%\0\000"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=45768, ...}) = 0 old_mmap(NULL, 92600, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7dfb000 old_mmap(0xb7e05000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa000) = 0xb7e05000 old_mmap(0xb7e06000, 47544, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e06000 close(4) = 0 open("/lib/security/pam_cracklib.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200!\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=36836, ...}) = 0 old_mmap(NULL, 64864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7deb000 old_mmap(0xb7df3000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x8000) = 0xb7df3000 old_mmap(0xb7df4000, 28000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7df4000 close(4) = 0 open("/lib/security/pam_limits.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\22\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=16356, ...}) = 0 old_mmap(NULL, 18636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0xb7de6000 old_mmap(0xb7dea000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x3000) = 0xb7dea000 close(4) = 0 read(3, "", 131072) = 0 close(3) = 0 munmap(0xb7e27000, 131072) = 0 open("/etc/pam.d/other", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=198, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e27000 read(3, "#%PAM-1.0\n\nauth required\t/"..., 131072) = 198 read(3, "", 131072) = 0 close(3) = 0 munmap(0xb7e27000, 131072) = 0 getuid32() = 1000 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1826, ...}) = 0 mmap2(NULL, 1826, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e46000 _llseek(3, 1826, [1826], SEEK_SET) = 0 munmap(0xb7e46000, 1826) = 0 close(3) = 0 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 rt_sigprocmask(SIG_BLOCK, [INT TSTP], [], 8) = 0 time([1100222255]) = 1100222255 write(2, "Password: ", 10Password: ) = 10 ioctl(0, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon -echo ...}) = 0 read(0, "ROOTPASSWORDHERE\n", 511) = 10 ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0 write(2, "\n", 1 ) = 1 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0 open("/etc/passwd", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1826, ...}) = 0 mmap2(NULL, 1826, PROT_READ, MAP_SHARED, 3, 0) = 0xb7e46000 _llseek(3, 1826, [1826], SEEK_SET) = 0 munmap(0xb7e46000, 1826) = 0 close(3) = 0 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) geteuid32() = 1000 pipe([3, 4]) = 0 rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_DFL}, 8) = 0 fork() = 6622 write(4, "nullok\0\0", 8) = 8 write(4, "ROOTPASSWORD\0", 10) = 10 close(3) = 0 close(4) = 0 waitpid(6622, [WIFEXITED(s) && WEXITSTATUS(s) == 1], 0) = 6622 --- SIGCHLD (Child exited) @ 0 (0) --- getuid32() = 1000 geteuid32() = 1000 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x80540c8, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(3, /* 4 entries */, 1024) = 96 stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0xb7f6cb00, [], 0}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0n\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\330\26\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\364\30\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\365\30\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\366\30\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\367\30\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\370\30\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\371\30\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\207\31\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\236\31\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x80540c8, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(3, /* 4 entries */, 1024) = 96 stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0xb7f6cb00, [], 0}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0n\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\330\26\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\364\30\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\365\30\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\366\30\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\367\30\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\370\30\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\371\30\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\207\31\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\236\31\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x80540c8, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(3, /* 4 entries */, 1024) = 96 stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0xb7f6cb00, [], 0}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0n\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\330\26\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\364\30\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\365\30\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\366\30\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\367\30\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\370\30\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\371\30\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\207\31\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\236\31\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 readlink("/proc/self/fd/0", 0x80540c8, 4095) = -1 EACCES (Permission denied) fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 stat64("/dev/pts", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 open("/dev/pts", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 getdents64(3, /* 4 entries */, 1024) = 96 stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 close(3) = 0 access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory) open("/var/run/utmp", O_RDWR) = -1 EACCES (Permission denied) open("/var/run/utmp", O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 _llseek(3, 0, [0], SEEK_SET) = 0 alarm(0) = 0 rt_sigaction(SIGALRM, {0xb7f6cb00, [], 0}, {SIG_DFL}, 8) = 0 alarm(1) = 0 fcntl64(3, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 read(3, "\10\0\0\0n\24\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\10\0\0\0\330\26\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\364\30\0\0vc/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\365\30\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\366\30\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\367\30\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\370\30\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\6\0\0\0\371\30\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\207\31\0\0pts/0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 read(3, "\7\0\0\0\236\31\0\0pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384 fcntl64(3, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 alarm(0) = 1 rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 time([1100222261]) = 1100222261 open("/etc/localtime", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFDIR|0755, st_size=1088, ...}) = 0 old_mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e27000 read(3, 0xb7e27000, 131072) = -1 EISDIR (Is a directory) close(3) = 0 munmap(0xb7e27000, 131072) = 0 getpid() = 6620 rt_sigaction(SIGPIPE, {0xb7f3c960, [], 0}, {SIG_DFL}, 8) = 0 socket(PF_UNIX, SOCK_DGRAM, 0) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0 send(3, "<37>Nov 12 01:17:41 su(pam_unix)"..., 132, 0) = 132 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0 close(3) = 0 select(0, NULL, NULL, NULL, {2, 347378}) = 0 (Timeout) time([1100222263]) = 1100222263 getpid() = 6620 rt_sigaction(SIGPIPE, {0xb7f3c960, [], 0}, {SIG_DFL}, 8) = 0 socket(PF_UNIX, SOCK_DGRAM, 0) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0 send(3, "<35>Nov 12 01:17:43 su[6620]: pa"..., 70, 0) = 70 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0 write(2, "su: Authentication failure\n", 27su: Authentication failure ) = 27 munmap(0xb7e12000, 13836) = 0 munmap(0xb7dfb000, 92600) = 0 munmap(0xb7deb000, 64864) = 0 munmap(0xb7de6000, 18636) = 0 munmap(0xb7e25000, 7024) = 0 munmap(0xb7e21000, 12996) = 0 munmap(0xb7e1d000, 13952) = 0 munmap(0xb7e18000, 17352) = 0 munmap(0xb7e16000, 6460) = 0 close(3) = 0 fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e46000 write(1, "Sorry.\n", 7Sorry. ) = 7 munmap(0xb7e46000, 4096) = 0 exit_group(1) = ? At this point it kicks me back to my regular user. However, when not using strace, I can get into root.