> Precisely; however it is trying to open /etc/shadow *as the logged-in > user*, not root. This is what's throwing the errors in the audit log. It's not suid root, or not using a wrapper. It might be a bug, depending what it is suppose to do. > Eric Igmar