HELP! - I've screwed up and now can't access root


Post by sxjc » Fri, 27 Jun 2003 10:11:44



I consider myself an intermediate user on Linux. I can do things very well,
others not well at all. At my workplace, I've converted a former PIII NT
machine into a smoking RH9.0 NetWorker client. One of the requests that my
lead IT asked me to do is to set up this Linux box to be SSH enabled to
transfer and store critical files. Although it was my first time doing so, I
was able to implement SSH, and then started looking for additional security.
So I downloaded the RH Linux Security Guide from RH's site.

I was walking through the guide, and started working on root access. I
wasn't reading ahead. Instead, I was just doing the commands that the guide
instructed.

First I changed the root shell in my /etc/passwd file from /bin/bash to
/sbin/nologin.

Second I disabled root access via any console device (tty) by creating an
empty /etc/securetty file.

Third I disabled root SSH logins by editing the /etc/ssh/sshd_config to set
the PermitRootLogin to no.

I didn't get as far as using PAM to limit root access services because at
this point I then rebooted to test a previous security implementation to the
grub.conf file to enforce pwords when logging in to command line. I found out
that something went wrong. I believe it was a bad crypto copy from the
/sbin/grub-md5-crypt output, but that's not my problem. My problem is this.
Because of my root access step one, I'm no longer able to switch into root mode
with su. I then tried to implement my commands with sudo. However, I cannot
get it to accept my root password. FYI, because it was my first time running
sudo, I didn't do any config on it. I know that my root password still works
because when I execute any system setting programs, I can successfully start
it with my root pword. I really want to edit my root shell back to
/sbin/nologin. What is the correct implementation of sudo? I've been
entering the following below:

$ sudo vi /etc/passwd

I wish I were in front of my work workstation, but I'm currently at home and
can't recall the output from that statement. All I know is that I can't get
into it. Please can someone help me out here?

 
 
 


Post by Bit Twiste » Fri, 27 Jun 2003 10:21:45



> I didn't get as far as using PAM to limit root access services because at
> this point I then rebooted to test a previous security implementation to the
> grub.conf file to enforce pwords when logging in to command line. I found out
> that something went wrong.

If all else fails, you could boot CD 1 in the rescue mode,
chroot to where you installed RH, restoring the backed up copies
of files you changed and reversing your changes.

 
 
 


Post by Tutaepak » Fri, 27 Jun 2003 11:33:19



> I consider myself an intermediate user on Linux. I can do things very
> well, others not well at all. At my workplace, I've converted a former
> PIII NT machine into a smoking RH9.0 NetWorker client. One of the
> requests that my lead IT asked me to do is to set up this Linux box to
> be SSH enabled to transfer and store critical files. Although it was
> my first time doing so, I was able to implement SSH, and then started
> looking for additional security. So I downloaded the RH Linux Security
> Guide from RH's site.

> I was walking through the guide, and started working on root access. I
> wasn't reading ahead. Instead, I was just doing the commands that the
> guide instructed.

> First I changed the root shell in my /etc/passwd file from /bin/bash
> to /sbin/nologin.

> Second I disabled root access via any console device (tty) by creating
> an empty /etc/securetty file.

> Third I disabled root SSH logins by editing the /etc/ssh/sshd_config
> to set the PermitRootLogin to no.

> I didn't get as far as using PAM to limit root access services because
> at this point I then rebooted to test a previous security
> implementation to the grub.conf file to enforce pwords when logging in
> to command line. I found out that something went wrong. I believe it
> was a bad crypto copy from the /sbin/grub-md5-crypt output, but that's
> not my problem. My problem is this. Because of my root access step
> one, I'm no longer able to switch into root mode with su. I then tried to
> implement my commands with sudo. However, I cannot get it to accept my
> root password. FYI, because it was my first time running sudo, I
> didn't do any config on it. I know that my root password still works
> because when I execute any system setting programs, I can successfully
> start it with my root pword. I really want to edit my root shell back
> to /sbin/nologin. What is the correct implementation of sudo? I've
> been entering the following below:

> $ sudo vi /etc/passwd

> I wish I were in front of my work workstation, but I'm currently at
> home and can't recall the output from that statement. All I know is
> that I can't get into it. Please can someone help me out here?

The password sudo requires is YOUR password, not the root one!
 
 
 


Post by Steven Mockin » Fri, 27 Jun 2003 19:31:21


On Thursday 26 June 2003 03:11, sxjcp blurted:

> I consider myself an intermediate user on Linux. I can do things very
> well, others not well at all. At my workplace, I've converted a former
> PIII NT machine into a smoking RH9.0 NetWorker client. One of the requests
> that my lead IT asked me to do is to set up this Linux box to be SSH
> enabled to transfer and store critical files. Although it was my first
> time doing so, I was able to implement SSH, and then started looking for
> additional security. So I downloaded the RH Linux Security Guide from RH's
> site.

> I was walking through the guide, and started working on root access. I
> wasn't reading ahead. Instead, I was just doing the commands that the
> guide instructed.

Bad Thing.

> First I changed the root shell in my /etc/passwd file from /bin/bash to
> /sbin/nologin.

> Second I disabled root access via any console device (tty) by creating an
> empty /etc/securetty file.

> Third I disabled root SSH logins by editing the /etc/ssh/sshd_config to
> set the PermitRootLogin to no.

What guide is that? Perchance the "users-fix-it-themselves" a.k.a.
"users-lart-themselves-HOWTO" in my top drawer?

> I didn't get as far as using PAM to limit root access services because at
> this point I then rebooted to test a previous security implementation to
> the grub.conf file to enforce pwords when logging in to command line. I
> found out that something went wrong. I believe it was a bad crypto copy
> from the /sbin/grub-md5-crypt output, but that's not my problem. My
> problem is this. Because of my root access step one, I'm no longer able to
> switch into root mode with su. I then tried to implement my commands with
> sudo. However, I cannot get it to accept my root password. FYI, because it
> was my first time running sudo, I didn't do any config on it. I know that
> my root password still works because when I execute any system setting
> programs, I can successfully start it with my root pword. I really want to
> edit my root shell back to /sbin/nologin. What is the correct
> implementation of sudo? I've been entering the following below:

> $ sudo vi /etc/passwd

> I wish I were in front of my work workstation, but I'm currently at home
> and can't recall the output from that statement. All I know is that I
> can't get into it. Please can someone help me out here?

Boot it with a bootdisk or CD-ROM, mount the root drive in /mnt, cd there
and mount the usr drive in /mnt/usr. chroot /mnt, passwd, rm
/etc/securetty, change your root shell back and reboot.

--
QOTD:
        "Sure, I turned down a drink once.  Didn't understand the question."
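
The three settings from the original post, checked against a mounted root filesystem before the rescue steps above are applied; this is an added example, not part of any post in the thread. It assumes the PAM `login` stack honours `/etc/securetty` (the Red Hat default), treats a `nologin` or `false` shell as blocking plain `su`, console and SSH logins alike, and only approximates sudoers parsing; all function names are made up for the example.

```bash
#!/bin/bash
# Added example (function names are hypothetical): report which routes to root
# remain for the filesystem tree at PREFIX ("" = running system, /mnt = the
# installed system mounted from a rescue boot).

root_shell() {        # login shell field of root's /etc/passwd entry
    awk -F: '$1 == "root" { print $7; exit }' "$1/etc/passwd"
}

securetty_state() {   # missing = root allowed on any tty, empty = on none
    [ -e "$1/etc/securetty" ] || { echo missing; return; }
    if grep -q '[^[:space:]]' "$1/etc/securetty"; then echo listed; else echo empty; fi
}

permit_root_login() { # first uncommented PermitRootLogin value, else "unset"
    [ -r "$1/etc/ssh/sshd_config" ] || { echo unset; return; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "unset" }' "$1/etc/ssh/sshd_config"
}

sudo_grants() {       # heuristic: count sudoers rules for anyone except root
    [ -r "$1/etc/sudoers" ] || { echo 0; return; }
    awk '/^[ \t]*(#|$)/ || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ || $1 == "root" { next }
         { n++ } END { print n + 0 }' "$1/etc/sudoers"
}

audit_root_access() { # prints "su=... console=... ssh=... sudo=..."
    local prefix="${1:-}" shell tty ssh grants
    local su=blocked console=blocked sshd=blocked sudo=blocked
    shell=$(root_shell "$prefix");      tty=$(securetty_state "$prefix")
    ssh=$(permit_root_login "$prefix"); grants=$(sudo_grants "$prefix")
    case "$shell" in
        */nologin|*/false|"") ;;   # plain su, console and ssh all start root's shell
        *)  su=open
            if [ "$tty" != empty ]; then console=open; fi
            if [ "$ssh" != no ]; then sshd=open; fi ;;   # "unset" = sshd's default
    esac
    # sudo runs the requested command directly, so root's shell does not matter
    if [ "$grants" -gt 0 ]; then sudo=open; fi
    echo "su=$su console=$console ssh=$sshd sudo=$sudo"
}

if [ "$#" -gt 0 ]; then audit_root_access "$1"; fi
```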

 
 
 


Post by Nico Kadel-Garci » Fri, 27 Jun 2003 21:32:53



> I consider myself an intermediate user on Linux. I can do things very well,
> others not well at all. At my workplace, I've converted a former PIII NT
> machine into a smoking RH9.0 NetWorker client. One of the requests that my
> lead IT asked me to do is to set up this Linux box to be SSH enabled to
> transfer and store critical files. Although it was my first time doing so, I
> was able to implement SSH, and then started looking for additional security.
> So I downloaded the RH Linux Security Guide from RH's site.

> I was walking through the guide, and started working on root access. I
> wasn't reading ahead. Instead, I was just doing the commands that the guide
> instructed.

> First I changed the root shell in my /etc/passwd file from /bin/bash to
> /sbin/nologin.

What in the???? Dude, you probably need to reboot the machine with a
rescue floppy or rescue CD (such as the RedHat 9 installation CD, disk 1)
and *SET THIS BACK*. I have no idea who told you to do this, and if it
was Legato for "Networker", they and I need to have words...

> Second I disabled root access via any console device (tty) by creating an
> empty /etc/securetty file.

> Third I disabled root SSH logins by editing the /etc/ssh/sshd_config to set
> the PermitRootLogin to no.

> I didn't get as far as using PAM to limit root access services because at
> this point I then rebooted to test a previous security implementation to the
> grub.conf file to enforce pwords when logging in to command line. I found out
> that something went wrong. I believe it was a bad crypto copy from the
> /sbin/grub-md5-crypt output, but that's not my problem. My problem is this.
> Because of my root access step one, I'm no longer able to switch into root mode
> with su. I then tried to implement my commands with sudo. However, I cannot
> get it to accept my root password. FYI, because it was my first time running
> sudo, I didn't do any config on it. I know that my root password still works
> because when I execute any system setting programs, I can successfully start
> it with my root pword. I really want to edit my root shell back to
> /sbin/nologin. What is the correct implementation of sudo? I've been
> entering the following below:

This is like saying "I want my car to work, but with a large spike of
taffeta squeezed into the carburetor". I have *never* heard of anyone
trying to do this....

> $ sudo vi /etc/passwd

In this case, it would be "sudo vipw" to use the more graceful password
modifying tool.


> I wish I were in front of my work workstation, but I'm currently at home and
> can't recall the output from that statement. All I know is that I can't get
> into it. Please can someone help me out here?

 
 
 


Post by Dan Smit » Fri, 27 Jun 2003 22:58:49


> into it. Please can someone help me out here?

When you get to the lilo prompt, type "linux init=/bin/sh".  That should
log you straight to a shell with nothing started.  Then, "/bin/vi
/etc/passwd".

--Dan

 
 
 


Post by Sebastian Han » Fri, 27 Jun 2003 23:32:38



>> into it. Please can someone help me out here?

> When you get to the lilo prompt, type "linux init=/bin/sh".  That should
> log you straight to a shell with nothing started.  Then, "/bin/vi
> /etc/passwd".

I don't think that sxjcp uses lilo. Part of what you snipped:

>> this point I then rebooted to test a previous security implementation to the
>> grub.conf file to enforce pwords when logging in to command line.

A bootdisk seems to be the only solution (except for putting the
harddrive into another computer and doing it from there).

Ciao.
Seb.

 
 
 


Post by Kenneth A Kauffma » Fri, 27 Jun 2003 23:40:54




> > I consider myself an intermediate user on Linux. I can do things very
> > well, others not well at all. At my workplace, I've converted a former
> > PIII NT machine into a smoking RH9.0 NetWorker client. One of the
> > requests that my lead IT asked me to do is to set up this Linux box to
> > be SSH enabled to transfer and store critical files. Although it was
> > my first time doing so, I was able to implement SSH, and then started
> > looking for additional security. So I downloaded the RH Linux Security
> > Guide from RH's site.

> > I was walking through the guide, and started working on root access. I
> > wasn't reading ahead. Instead, I was just doing the commands that the
> > guide instructed.

> > First I changed the root shell in my /etc/passwd file from /bin/bash
> > to /sbin/nologin.

> > Second I disabled root access via any console device (tty) by creating
> > an empty /etc/securetty file.

> > Third I disabled root SSH logins by editing the /etc/ssh/sshd_config
> > to set the PermitRootLogin to no.

> > I didn't get as far as using PAM to limit root access services because
> > at this point I then rebooted to test a previous security
> > implementation to the grub.conf file to enforce pwords when logging in
> > to command line. I found out that something went wrong. I believe it
> > was a bad crypto copy from the /sbin/grub-md5-crypt output, but that's
> > not my problem. My problem is this. Because of my root access step
> > one, I'm no longer able to switch into root mode with su. I then tried to
> > implement my commands with sudo. However, I cannot get it to accept my
> > root password. FYI, because it was my first time running sudo, I
> > didn't do any config on it. I know that my root password still works
> > because when I execute any system setting programs, I can successfully
> > start it with my root pword. I really want to edit my root shell back
> > to /sbin/nologin. What is the correct implementation of sudo? I've
> > been entering the following below:

> > $ sudo vi /etc/passwd

> > I wish I were in front of my work workstation, but I'm currently at
> > home and can't recall the output from that statement. All I know is
> > that I can't get into it. Please can someone help me out here?

> The password sudo requires is YOUR password, not the root one!

Tut. is right.  Everyone has missed that sxjcp was typing the "root"
password at the prompt when doing sudo rather than the current logged in
user's password.

ken k

 
 
 


Post by Dan Smit » Sat, 28 Jun 2003 00:01:11


> A bootdisk seems to be the only solution (except for putting the
> harddrive into another computer and doing it from there).

I missed that he uses grub, but that doesn't change things.  By using
'e' to edit the default entry, and then 'e' again to edit the kernel
boot line, he can add the 'init=/bin/sh' to the end of the line and then
hit 'b' to boot the changed entry.

--Dan

 
 
 


Post by Michael Forste » Tue, 01 Jul 2003 02:44:35


There is a bit of a security hole (or there was in some versions of Unix).
Normally it isn't a problem, but if you can get sudo to work then you can
get to a root shell fairly easily.

using sudo - chmod u+s /bin/more
or /bin/less

Then less or more a file

at the first page prompt type !csh or !bash  or even !sh
this will shell out to a shell with root permissions
The reason I know this is that when I was at College the sysop set the
/dev/tty as root root rw_r__r__ so no one could use less or more unless it
was set SUID and we found that we had a backdoor into Root via it :-)

Mike.


> On Thursday 26 June 2003 03:11, sxjcp blurted:

> > I consider myself an intermediate user on Linux. I can do things very
> > well, others not well at all. At my workplace, I've converted a former
> > PIII NT machine into a smoking RH9.0 NetWorker client. One of the requests
> > that my lead IT asked me to do is to set up this Linux box to be SSH
> > enabled to transfer and store critical files. Although it was my first
> > time doing so, I was able to implement SSH, and then started looking for
> > additional security. So I downloaded the RH Linux Security Guide from RH's
> > site.

> > I was walking through the guide, and started working on root access. I
> > wasn't reading ahead. Instead, I was just doing the commands that the
> > guide instructed.

> Bad Thing.

> > First I changed the root shell in my /etc/passwd file from /bin/bash to
> > /sbin/nologin.

> > Second I disabled root access via any console device (tty) by creating an
> > empty /etc/securetty file.

> > Third I disabled root SSH logins by editing the /etc/ssh/sshd_config to
> > set the PermitRootLogin to no.

> What guide is that? Perchance the "users-fix-it-themselves" a.k.a.
> "users-lart-themselves-HOWTO" in my top drawer?

> > I didn't get as far as using PAM to limit root access services because at
> > this point I then rebooted to test a previous security implementation to
> > the grub.conf file to enforce pwords when logging in to command line. I
> > found out that something went wrong. I believe it was a bad crypto copy
> > from the /sbin/grub-md5-crypt output, but that's not my problem. My
> > problem is this. Because of my root access step one, I'm no longer able to
> > switch into root mode with su. I then tried to implement my commands with
> > sudo. However, I cannot get it to accept my root password. FYI, because it
> > was my first time running sudo, I didn't do any config on it. I know that
> > my root password still works because when I execute any system setting
> > programs, I can successfully start it with my root pword. I really want to
> > edit my root shell back to /sbin/nologin. What is the correct
> > implementation of sudo? I've been entering the following below:

> > $ sudo vi /etc/passwd

> > I wish I were in front of my work workstation, but I'm currently at home
> > and can't recall the output from that statement. All I know is that I
> > can't get into it. Please can someone help me out here?

> Boot it with a bootdisk or CD-ROM, mount the root drive in /mnt, cd there
> and mount the usr drive in /mnt/usr. chroot /mnt, passwd, rm
> /etc/securetty, change your root shell back and reboot.

> --
> QOTD:
>         "Sure, I turned down a drink once.  Didn't understand the question."
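
A defender's check for the condition this post describes, a pager or editor left set-uid: the script below is an added example, not part of the original post. The program list and the function name are assumptions made for the example, and the list is not exhaustive.

```bash
#!/bin/bash
# Added example: list set-uid copies of programs that offer a "!" shell escape.
# ESCAPE_CAPABLE is a constructed, non-exhaustive list; extend it for your site.
ESCAPE_CAPABLE="more less vi vim view ed man"

suid_escape_programs() {   # $@ = directories to scan; prints offending paths
    local dir path name
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm -4000 matches any file with the set-uid bit, whatever the owner
        find "$dir" -maxdepth 1 -type f -perm -4000 2>/dev/null | sort |
        while IFS= read -r path; do
            name=${path##*/}
            case " $ESCAPE_CAPABLE " in
                *" $name "*) echo "$path" ;;
            esac
        done
    done
}

# Example invocation: pass the directories to audit, e.g. /bin /usr/bin
if [ "$#" -gt 0 ]; then suid_escape_programs "$@"; fi
```

Any path it prints should have the bit cleared with `chmod u-s` unless there is a documented reason for it.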