|
users can access root withouh being asked for a password
after solving a little problem that i had before it seems that users can run "su" without bing asked for a password.
well this what I have done before chown user /etc/shadow /etc/passwd chmod 740 /etc/shadow /etc/passwd what i did up to now is this: root@Admin:/home/moderator# chmod 740 /etc/passwd /etc/shadow root@Admin:/dev# ls -l /etc/passwd /etc/shadow -rwxr----- 1 root root 765 2005-08-20 11:31 /etc/passwd -rwxr----- 1 root shadow 567 2005-08-20 11:41 /etc/shadow but still users can access root without being asked for the root password, anyhelp? |
using su does not have ANY relation whatsoever to the /etc/passwd file. Users can become root because there is no root passwod set - set one. If you don't want a root password (which is discouraged), disable the SUID bit on it using the following command (this means that nobody can use su successfully, even if they know the password:
Code:
chmod u-s /bin/su |
I did change the password but still can access:
root@Admin:~# passwd Changing password for root Enter the new password (minimum of 5, maximum of 127 characters) Please use a combination of upper and lower case letters and numbers. New password: Re-enter new password: Password changed. root@Admin:~# exit exit moderator@Admin:~$ su root@Admin:/home/moderator# |
Make sure the password is non-blank. If it oesn't work, remove teh SUID bit.
Or, even remove the package that provides it or delete the binary. |
Also, check /etc/pam.d/pam.su (which controls authentication for su assuming you are using pluggable authentication modules, which you should be if you're using Debian or Ubuntu) and make sure that you don't have something dset that just allows all access (post contents of the file if you can't decipher it, since it can be a bit tricky).
|
| All times are GMT -5. The time now is 04:21 PM. |