Solution of Su command cannot set groups: operation not permitted

A super detailed tutorial: springboot integrates mybatis plus>>>

Copyright notice: This article was originally written by Zeng Qianqian. Please indicate the source for Reprint:
link to the original article:

Source: Tengyun Pavilion

Problem scenario:

user_00@hadoop-10-125-224-102:> su root
su: cannot set groups: Operation not permitted

1.35266;- 23519;h2>

(1) 30475;/bin/su

user_00@hadoop-10-125-224-102:> ll /bin/su
-rwxr-xr-x 1 user_00 users 37880 May  3  2007 /bin/su

(2) Compare the /bin/Su files in springboard machine that can use Su command normally

user_00@Tencent64:~> ll /bin/su
-rwsr-xr-x 1 root root 37880 Jul 14  2014 /bin/su

2. Compare the differences

3. Analysis:


- rwsr-xr-x , s means setuid , which enables the file to be executed with the permission of the owner of the file, rather than the permission of the user executing the command

/bin the file belonging to the root group is changed to another group, which leads to an error. (PS: it’s a stupid error, you can’t do this)

4. Solution:

change file owner:

hadoop-10-125-224-102:~ # chown -R root:root /bin/su 
==>  -rwxr-xr-x 1 root root 37880 May  3  2007 /bin/su

set file properties

hadoop-10-125-224-102:~ # chmod u+s /bin/su
==>  -rwsr-xr-x 1 root root 37880 May  3  2007 /bin/su

5. Knowledge points of brain tonic

Permission status: - rwsr-xr-x , which is called set uid, or suid for short. So the special role of this special authority

suid permission is only valid for binary program

the executor needs to have X executable permission for the program

this permission is only valid in the process of executing the program (run-time)


executor will have the authority of the owner of the program

Similar permissions “sgid, sbit”, you can search the relevant information of “Linux special permissions”

Similar Posts: