LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-03-2003, 10:40 AM   #1
Svha
LQ Newbie
 
Registered: Jul 2003
Posts: 24

Rep: Reputation: 15
Angry Locked Out Of Root


Greetings!

Recently I had an ADSL connection installed and as the modem did not support NAT, I decided to use a Software Router RedHat 9 (To enable NAT/Print Server/DHCP ......etc)

However maybe I took things a little to far on the security side and changed the root shell in /etc/passwd from /bin/bash to /sbin/nologon ...... ooops!

Now ..... surprise surprise ......

I can't log in as root
I can't su
I can't sudo
I can't do $&*# =D

I can however login as a local user with non root access (This is an account I set up to monitor the system)

Any suggestions on how to edit /etc/passwd (currently owned by root)?

As a last resort, if I moved the disks / controller card into another Linux box - would I then be able to edit the /etc/passwd file?

Cheers for any input folks ..... Svha

EDIT - I have just booted from a Knoppix CD and cant see the / filesystem - I can see /boot as this is a standard partition, however / is a raid partition and cannot be mounted =/

/ filesystem is made up of sda2 and sdb1 (a striped software raid set md0) so mounting the disks with another distro does not seem to be an option.

Last edited by Svha; 10-03-2003 at 11:18 AM.
 
Old 10-03-2003, 11:29 AM   #2
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
at your lilo prompt (assuming you use lilo as your boot mgr) enter...

Code:
linux init=/bin/bash
this should boot you into a root console so you can change your /etc/passwd accordingly
 
Old 10-03-2003, 11:35 AM   #3
Svha
LQ Newbie
 
Registered: Jul 2003
Posts: 24

Original Poster
Rep: Reputation: 15
Haha .... I use Grub =P

But ..... "man grub" may help me here ...

Thanks for the reply!
 
Old 10-03-2003, 12:01 PM   #4
Svha
LQ Newbie
 
Registered: Jul 2003
Posts: 24

Original Poster
Rep: Reputation: 15
Using the 'a' key in grub allows you to append arguments to the startup process - so I added .....

init=/bin/bash

This dropped me to an init prompt however only gave me read only access =/

su / sudo still would'nt allow me write access =(

Thanks for the suggestion tho Pheonix!
 
Old 10-03-2003, 12:12 PM   #5
Blinker_Fluid
Member
 
Registered: Jul 2003
Location: Clinging to my guns and religion.
Posts: 682

Rep: Reputation: 63
hmm did a man on su and found this...
man su
-c, --commmand=COMMAND
pass a single COMMAND to the shell with -c

so in theory could you copy /etc/passwd and change it back then run the command
su --command="cp /etc/passwd.new /etc/passwd"

sorry should have tested it first I think I have syntax right now..
Just something to try...

Last edited by Blinker_Fluid; 10-03-2003 at 12:19 PM.
 
Old 10-03-2003, 12:41 PM   #6
Svha
LQ Newbie
 
Registered: Jul 2003
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks Blink .....

..... but I get an error in the console "This account is currently not available"

The changes I made in the original post where from the "Official" RedHat security guide ......

http://www.redhat.com/docs/manuals/l...rivileges.html

Section 4.4.2 Table 4.1 ..... States that the changes will deactivate among others su / ssh /sftp as root - however sudo would still function. (According to the above document)

But sudo doesn't seem to accept the password needed to run a command (I have typed the password into a new console to check (as plain text) keymap settings / caps lock / num lock settings .... and if functions perfectly)

Kinda weird ...... anybody else had a similar experience?
 
Old 10-03-2003, 12:53 PM   #7
Blinker_Fluid
Member
 
Registered: Jul 2003
Location: Clinging to my guns and religion.
Posts: 682

Rep: Reputation: 63
I guess it is secure...
Was going to ask if you were able to mount it with the Knoppix CD but the RAID thing probably messes up my thought...
The only other thoughts are if you can boot into single user mode or If you can boot on the Redhat 9 disks and go into rescue mode...
Good luck with it.
 
Old 10-03-2003, 12:56 PM   #8
Svha
LQ Newbie
 
Registered: Jul 2003
Posts: 24

Original Poster
Rep: Reputation: 15
My fault! =P /me hides in shame!

sudo requires the CURRENT users password ..... and NOT roots password for the first authentication.

Then sudo refers to the sudoers file for further info

Hey ho ..... problem solved!

man sudo ...... /smacks self on forehead
 
Old 10-04-2003, 12:48 PM   #9
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
lol good god man
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How can "root" unlock a locked screen in Gnome? AZ_Rider Linux - Newbie 5 11-30-2011 01:28 AM
root locked out marghorp Linux - Software 6 05-17-2007 02:28 PM
File owner and File group locked - root deiphage Linux - Hardware 5 02-05-2005 01:30 PM
Root Directory Locked... *sigh* Sonshyne Linux - Newbie 9 06-19-2004 04:42 AM
root files: create as root:root or root:wheel? pcass Linux - Security 1 02-07-2004 04:14 PM


All times are GMT -5. The time now is 04:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration