Thanks for your advice, but when i try "chsh root" i get back: "your shell is not in /etc/shells" my "/etc/shells" contains: /bin/sh /bin/bash /bin/nologin /bin/bash2 /bin/ash /bin/tcsh /bin/csh ...and i use /bin/bash I forgot to mention, that the problem is not on my home system, its on my Webserver. Unfortunally i cant insert any CD and reboot. Any ideas whats wrong?

Hi,

Use: chsh root and you will be asked about the new root shell.

Regards, Alin.

Ulrich Kautz wrote:

...

Hello All,

Ive got a big Problem. I changed the root shell to /bin/false.

There is neither a user in the sudoers nor is there any other root-user or even a user in the root group.

Is it possible to switch back the shell to /bin/bash or sh or something?

Ive tried: sudo -- not in sudoers su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"

thanks in advance, Ulrich

Ok, in this case i would try following (you will need ssh-Access):

1) scp the remote /etc/passwd to your system 2) change it 3) scp it back ... 4) try it

That wouldn't work, because scp -t (on the remote side with the f***'ed up passwd file) is being run by sshd via login shell. Means: sshd runs login shell, login shell runs scp -t. Ergo: No scp -t will be run, and false will be propagated to the local scp program (client-wise), which will return non-0. Roman.

On Wednesday 08 October 2003 16:11, Ulrich Kautz wrote:

Thanks for your advice, but when i try "chsh root" i get back: "your shell is not in /etc/shells"

Indeed, cause what you've done effectively is the equivalent of leaving and locking your car, with the keys still inside.

I forgot to mention, that the problem is not on my home system, its on my Webserver. Unfortunally i cant insert any CD and reboot.

Yeah yeah. Forget your webserver's uptime. Quite sorry but you will have to. There is no way to fix this not being at the console. However, you may not need the CD but can instead enter the line "init=/bin/bash" after the linux boot target (at reboot). If this is not locked out by default, and that depends... in all other cases you do need a rescue boot medium, be it a CD, a floppy or...

Any ideas whats wrong?

You did something you shouldn't have, without overseeing the consequences, that's what _really_ wrong. What's technically wrong is that by changing the shell for root you killed the only account that can change that back. -- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

really, I don't know which are the rights we are talking about... maybe more explainations would be necessary - which are the exact permissions for that computer. Alin. Markus Gaugusch wrote:

On Oct 8, Alin Dobre wrote:

...

Hi,

here would be a workaround: mv /bin/false /bin/false.TEMP

He can't do that as non-root.

Markus

-- Alin DOBRE Technical Support Engineer - RAV Division mailto:alin.dobre@ravantivirus.com http://www.ravantivirus.com --------------------------- This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its contents to anyone.

Simply enter: linux init=/bin/bash at lilo promnpt. There you go. edit /etc/passwd dont forget mount -o remount rw / But: You need to reboot for this, but that might be OK ;-)) Greetings Dirk Ulrich Kautz schrieb:

Hmm, /bin/false is 0755 and belongs to root.

I also cant scp the passwd back and overwrite the existing passwd (permission denied).

And im not trying to hack someone else system. Actually its not my System, but the one who owns it asked me to help him.

OK, here is a short overview about my permissions: - I do have normal user access to the system. - I am in the admin group (gid 500, normal usergroup). - I do have the root password (and my user password of course). - I do not have any physical access to the System.

...

Hi,

here would be a workaround: mv /bin/false /bin/false.TEMP ln -s /bin/bash /bin/false echo "/bin/false" >> /etc/shells login as root chsh root set it to /bin/bash *undo /bin/false: rm /bin/false mv /bin/false.TEMP /bin/false *done

Regards, Alin.

Ulrich Kautz wrote:

...

Hello All,

Ive got a big Problem. I changed the root shell to /bin/false.

There is neither a user in the sudoers nor is there any other root-user or even a user in the root group.

Is it possible to switch back the shell to /bin/bash or sh or something?

Ive tried: sudo -- not in sudoers su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"

thanks in advance, Ulrich

-- Alin DOBRE Technical Support Engineer - RAV Division mailto:alin.dobre@ravantivirus.com http://www.ravantivirus.com --------------------------- This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its contents to anyone.

I have changed my root shell to /bin/false, and here's what I did: alin@alind ~ > grep root /etc/passwd root:x:0:0:root:/root:/bin/false alin@alind ~ > id uid=500(alin) gid=100(users) groups=100(users),14(uucp),16(dialout),17(audio),33(video),500(alin) alin@alind ~ > su -s /bin/bash Password: alind /home/alin # id uid=0(root) gid=0(root) groups=0(root) alind /home/alin # It works for me, I don't understand why doesn't this work for you. Ulrich Kautz wrote:

Hmm, /bin/false is 0755 and belongs to root.

I also cant scp the passwd back and overwrite the existing passwd (permission denied).

And im not trying to hack someone else system. Actually its not my System, but the one who owns it asked me to help him.

OK, here is a short overview about my permissions: - I do have normal user access to the system. - I am in the admin group (gid 500, normal usergroup). - I do have the root password (and my user password of course). - I do not have any physical access to the System.

...

Hi,

here would be a workaround: mv /bin/false /bin/false.TEMP ln -s /bin/bash /bin/false echo "/bin/false" >> /etc/shells login as root chsh root set it to /bin/bash *undo /bin/false: rm /bin/false mv /bin/false.TEMP /bin/false *done

Regards, Alin.

Ulrich Kautz wrote:

...

Hello All,

Ive got a big Problem. I changed the root shell to /bin/false.

There is neither a user in the sudoers nor is there any other root-user or even a user in the root group.

Is it possible to switch back the shell to /bin/bash or sh or something?

Ive tried: sudo -- not in sudoers su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"

thanks in advance, Ulrich

-- Alin DOBRE Technical Support Engineer - RAV Division mailto:alin.dobre@ravantivirus.com http://www.ravantivirus.com --------------------------- This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its contents to anyone.

-- Alin DOBRE Technical Support Engineer - RAV Division mailto:alin.dobre@ravantivirus.com http://www.ravantivirus.com --------------------------- This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its contents to anyone.

On Wed, Oct 08, 2003 at 05:20:45PM +0200, Ulrich Kautz wrote:

I dont get it either, Alin. On my home system your solutions also works fine.

Thank you all for your help, but i give up.

you could try to break in: check, if he has installed all security patches. If he hasn't - look for an exploit.

I think my friend will have to pay 12euro to the greedy server provider to reboot with init=/bin/bash and change one line in the /etc/passwd ;-/

If I was the provider, he would not get it this cheap ;-)) regards, Stefan -- Stefan Seyfried Senior Consultant community4you GmbH, Chemnitz, Germany. http://www.community4you.de http://www.open-eis.com

-----Original Message----- From: Markus Lorch [mailto:mlorch@vt.edu] Sent: Wednesday, October 08, 2003 11:49 AM To: 'Ulrich Kautz'; alin.dobre@ravantivirus.com Cc: 'suse-security' Subject: RE: [suse-security] root has no shell

There should not be a way to fix this without root access or by booting the machine with an alternate configuration.

If there is, then we are in deep trouble.

Markus

That's where physical security of your machines comes into play. RK Davies Textbox Networks

...

-----Original Message----- From: Ulrich Kautz [mailto:uk@clubfever.de] Sent: Wednesday, October 08, 2003 10:47 AM To: alin.dobre@ravantivirus.com Cc: suse-security Subject: Re: [suse-security] root has no shell

Hmm, /bin/false is 0755 and belongs to root.

I also cant scp the passwd back and overwrite the existing passwd (permission denied).

And im not trying to hack someone else system. Actually its not my System, but the one who owns it asked me to help him.

OK, here is a short overview about my permissions: - I do have normal user access to the system. - I am in the admin group (gid 500, normal usergroup). - I do have the root password (and my user password of course). - I do not have any physical access to the System.

...

Hi,

here would be a workaround: mv /bin/false /bin/false.TEMP ln -s /bin/bash /bin/false echo "/bin/false" >> /etc/shells login as root chsh root set it to /bin/bash *undo /bin/false: rm /bin/false mv /bin/false.TEMP /bin/false *done

Regards, Alin.

Ulrich Kautz wrote:

...

Hello All,

Ive got a big Problem. I changed the root shell to /bin/false.

There is neither a user in the sudoers nor is there any other root-user or even a user in the root group.

Is it possible to switch back the shell to /bin/bash or sh or something?

Ive tried: sudo -- not in sudoers su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"

thanks in advance, Ulrich

-- Alin DOBRE Technical Support Engineer - RAV Division mailto:alin.dobre@ravantivirus.com http://www.ravantivirus.com --------------------------- This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its contents to anyone.

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Maybe ssh root@localhost /bin/bash ? Eduard --- Anders Johansson wrote:

On Wednesday 08 October 2003 15.47, Ulrich Kautz wrote:

...

su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"

su -s /bin/bash works for me, SuSE 8.2

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

__________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com