LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-20-2005, 06:31 PM   #1
amer_58
Member
 
Registered: Mar 2004
Distribution: Slackware 10.2
Posts: 213

Rep: Reputation: 30
users can access root withouh being asked for a password


after solving a little problem that i had before it seems that users can run "su" without bing asked for a password.

well this what I have done before
chown user /etc/shadow /etc/passwd
chmod 740 /etc/shadow /etc/passwd

what i did up to now is this:

root@Admin:/home/moderator# chmod 740 /etc/passwd /etc/shadow
root@Admin:/dev# ls -l /etc/passwd /etc/shadow
-rwxr----- 1 root root 765 2005-08-20 11:31 /etc/passwd
-rwxr----- 1 root shadow 567 2005-08-20 11:41 /etc/shadow

but still users can access root without being asked for the root password, anyhelp?
 
Old 08-20-2005, 06:53 PM   #2
saman007uk
Member
 
Registered: Dec 2003
Location: ~root
Distribution: Debian
Posts: 363

Rep: Reputation: 33
using su does not have ANY relation whatsoever to the /etc/passwd file. Users can become root because there is no root passwod set - set one. If you don't want a root password (which is discouraged), disable the SUID bit on it using the following command (this means that nobody can use su successfully, even if they know the password:

Code:
chmod u-s /bin/su
 
Old 08-20-2005, 07:05 PM   #3
amer_58
Member
 
Registered: Mar 2004
Distribution: Slackware 10.2
Posts: 213

Original Poster
Rep: Reputation: 30
I did change the password but still can access:

root@Admin:~# passwd
Changing password for root
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
root@Admin:~# exit
exit
moderator@Admin:~$ su
root@Admin:/home/moderator#
 
Old 08-20-2005, 07:15 PM   #4
saman007uk
Member
 
Registered: Dec 2003
Location: ~root
Distribution: Debian
Posts: 363

Rep: Reputation: 33
Make sure the password is non-blank. If it oesn't work, remove teh SUID bit.

Or, even remove the package that provides it or delete the binary.
 
Old 08-20-2005, 11:56 PM   #5
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Also, check /etc/pam.d/pam.su (which controls authentication for su assuming you are using pluggable authentication modules, which you should be if you're using Debian or Ubuntu) and make sure that you don't have something dset that just allows all access (post contents of the file if you can't decipher it, since it can be a bit tricky).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
users other than root can not access internet ? summerfish Linux - Networking 4 07-17-2004 08:03 PM
requiring root password for app access? mysticpain Linux - Software 3 06-08-2004 08:19 PM
Root password for internet access jsin Red Hat 2 01-02-2004 03:29 AM
Allright, changed root password and questions about adding users RIOMX Linux - Newbie 2 10-30-2003 03:28 PM
non-root users inet access Duckus Linux - Newbie 4 06-05-2003 10:40 PM


All times are GMT -5. The time now is 02:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration