Hello All,
I've got a big problem. I changed the root shell to /bin/false. There is neither a user in the sudoers nor is there any other root user or even a user in the root group. Is it possible to switch back the shell to /bin/bash or sh or something?
I've tried:
sudo -- not in sudoers
su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"
Thanks in advance, Ulrich
Hi,
Use: chsh root
and you will be asked about the new root shell.
Regards, Alin.
-- Alin DOBRE Technical Support Engineer - RAV Division mailto:alin.dobre@ravantivirus.com http://www.ravantivirus.com --------------------------- This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake please let us know by reply and then delete it from your system; you should not copy the message or disclose its contents to anyone.
Thanks for your advice, but when I try "chsh root" I get back: "your shell is not in /etc/shells"
My "/etc/shells" contains:
/bin/sh
/bin/bash
/bin/nologin
/bin/bash2
/bin/ash
/bin/tcsh
/bin/csh
...and I use /bin/bash
I forgot to mention that the problem is not on my home system, it's on my webserver. Unfortunately I can't insert any CD and reboot. Any ideas what's wrong?
Hi!
Ulrich Kautz wrote:
> I forgot to mention that the problem is not on my home system, it's on my webserver. Unfortunately I can't insert any CD and reboot.
Ok, in this case I would try the following (you will need ssh access):
1) scp the remote /etc/passwd to your system
2) change it
3) scp it back ...
4) try it
Bye, Uli
> Ok, in this case i would try following (you will need ssh-Access):
> 1) scp the remote /etc/passwd to your system 2) change it 3) scp it back ... 4) try it
That wouldn't work, because scp -t (on the remote side with the f***'ed up passwd file) is being run by sshd via login shell. Means: sshd runs login shell, login shell runs scp -t. Ergo: No scp -t will be run, and false will be propagated to the local scp program (client-wise), which will return non-0.
Roman.
On Wednesday 08 October 2003 16:11, Ulrich Kautz wrote:
> Thanks for your advice, but when I try "chsh root" I get back: "your shell is not in /etc/shells"
Indeed, cause what you've done effectively is the equivalent of leaving and locking your car, with the keys still inside.
> I forgot to mention that the problem is not on my home system, it's on my webserver. Unfortunately I can't insert any CD and reboot.
Yeah yeah. Forget your webserver's uptime. Quite sorry but you will have to. There is no way to fix this not being at the console. However, you may not need the CD but can instead enter the line "init=/bin/bash" after the linux boot target (at reboot). If this is not locked out by default, and that depends... in all other cases you do need a rescue boot medium, be it a CD, a floppy or...
> Any ideas what's wrong?
You did something you shouldn't have, without overseeing the consequences, that's what's _really_ wrong. What's technically wrong is that by changing the shell for root you killed the only account that can change that back.
-- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
Boot from cdrom, mount your root partition, change /etc/passwd, and reboot again. -- IT Administrator Andrew Edunov and@snq.ru +7 (095) 785-42-82 +7 (095) 785-42-83 8 (903) 610-48-76
Hi!
Reboot from CD to rescue mode, mount the partition and edit /etc/passwd
Bye, Uli
/ 2003-10-08 15:47:50 +0200 \ Ulrich Kautz:
> I've tried:
> sudo -- not in sudoers
> su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"
sorry, can not confirm this. if nothing helps, there is always the "rescue" system on your installation cds ... or, if your boot loader permits this: boot with init=/bin/bash :-)
SuSE 8.1, kernel.org 2.4.22, no special pam settings.
lars@johann$ grep root /etc/passwd
root:x:0:0:root:/root:/bin/false
(0) 16:08:32 ~
lars@johann$ su
Password:
-- /bin/false drops me back to my "lars" prompt
(0) 16:08:42 ~
lars@johann$ su -s /bin/bash
Password:
(0) 16:08:51 /home/lars
root@johann#
-- ok, now I'm root again, hack away ...
Lars Ellenberg
Hi,
here would be a workaround:
mv /bin/false /bin/false.TEMP
ln -s /bin/bash /bin/false
echo "/bin/false" >> /etc/shells
login as root
chsh root
set it to /bin/bash
*undo /bin/false:
rm /bin/false
mv /bin/false.TEMP /bin/false
*done
Regards, Alin.
really, I don't know which are the rights we are talking about... maybe more explanations would be necessary - which are the exact permissions for that computer.
Alin.
Markus Gaugusch wrote:
> On Oct 8, Alin Dobre wrote:
> > Hi,
> > here would be a workaround: mv /bin/false /bin/false.TEMP
> He can't do that as non-root.
> Markus
Hmm, /bin/false is 0755 and belongs to root. I also can't scp the passwd back and overwrite the existing passwd (permission denied). And I'm not trying to hack someone else's system. Actually it's not my system, but the one who owns it asked me to help him.
OK, here is a short overview about my permissions:
- I do have normal user access to the system.
- I am in the admin group (gid 500, normal usergroup).
- I do have the root password (and my user password of course).
- I do not have any physical access to the system.
Simply enter:
linux init=/bin/bash
at the lilo prompt. There you go. Edit /etc/passwd; don't forget
mount -o remount,rw /
But: You need to reboot for this, but that might be OK ;-))
Greetings, Dirk
Well check your syntax for the su -s then. A simple su -s /bin/bash or su -s /bin/sh _should_ work imho
BB, Arjen
I have changed my root shell to /bin/false, and here's what I did:
alin@alind ~ > grep root /etc/passwd
root:x:0:0:root:/root:/bin/false
alin@alind ~ > id
uid=500(alin) gid=100(users) groups=100(users),14(uucp),16(dialout),17(audio),33(video),500(alin)
alin@alind ~ > su -s /bin/bash
Password:
alind /home/alin # id
uid=0(root) gid=0(root) groups=0(root)
alind /home/alin #
It works for me, I don't understand why this doesn't work for you.
I don't get it either, Alin. On my home system your solution also works fine. Thank you all for your help, but I give up. I think my friend will have to pay 12 euro to the greedy server provider to reboot with init=/bin/bash and change one line in the /etc/passwd ;-/
Have a nice day, Ulrich
On Wed, Oct 08, 2003 at 05:20:45PM +0200, Ulrich Kautz wrote:
> I don't get it either, Alin. On my home system your solution also works fine.
> Thank you all for your help, but I give up.
you could try to break in: check, if he has installed all security patches. If he hasn't - look for an exploit.
> I think my friend will have to pay 12 euro to the greedy server provider to reboot with init=/bin/bash and change one line in the /etc/passwd ;-/
If I was the provider, he would not get it this cheap ;-))
regards, Stefan
-- Stefan Seyfried Senior Consultant community4you GmbH, Chemnitz, Germany. http://www.community4you.de http://www.open-eis.com
There should not be a way to fix this without root access or by booting the machine with an alternate configuration. If there is, then we are in deep trouble. Markus
-----Original Message----- From: Ulrich Kautz [mailto:uk@clubfever.de] Sent: Wednesday, October 08, 2003 10:47 AM To: alin.dobre@ravantivirus.com Cc: suse-security Subject: Re: [suse-security] root has no shell
Hmm, /bin/false is 0755 and belongs to root.
I also can't scp the passwd back and overwrite the existing passwd (permission denied).
And I'm not trying to hack someone else's system. Actually it's not my system, but the one who owns it asked me to help him.
OK, here is a short overview about my permissions:
- I do have normal user access to the system.
- I am in the admin group (gid 500, normal usergroup).
- I do have the root password (and my user password of course).
- I do not have any physical access to the system.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-----Original Message----- From: Markus Lorch [mailto:mlorch@vt.edu] Sent: Wednesday, October 08, 2003 11:49 AM To: 'Ulrich Kautz'; alin.dobre@ravantivirus.com Cc: 'suse-security' Subject: RE: [suse-security] root has no shell
There should not be a way to fix this without root access or by booting the machine with an alternate configuration.
If there is, then we are in deep trouble.
Markus
That's where physical security of your machines comes into play. RK Davies Textbox Networks
On Wednesday 08 October 2003 16:26, Alin Dobre wrote:
> Hi,
> here would be a workaround:
> mv /bin/false /bin/false.TEMP
> ln -s /bin/bash /bin/false
> echo "/bin/false" >> /etc/shells
> login as root
> chsh root
> set it to /bin/bash
> *undo /bin/false:
> rm /bin/false
> mv /bin/false.TEMP /bin/false
> *done
Uh-huh. And what makes you think that a non-root user can go and remove and symlink files that are located in /bin/ ???? (( ---Oops--- ))
Maarten
-- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
Hi Ulrich!
> Ive got a big Problem. I changed the root shell to /bin/false.
Do you have physical access to the system? In this case you could try to boot from an alternative system, e.g. a CD, and edit the /etc/passwd file from there.
Bernhard
On Wednesday, 8 October 2003 15:47, Ulrich Kautz wrote:
> Hello All,
> I've got a big problem. I changed the root shell to /bin/false.
For me the su -s /bin/sh or so doesn't work, too. But if you are using a ptrace vulnerable kernel you could try using the ptrace exploit.
Peace & Luck, Stefan
Maybe ssh root@localhost /bin/bash ?
Eduard
--- Anders Johansson wrote:
> On Wednesday 08 October 2003 15.47, Ulrich Kautz wrote:
> > su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"
> su -s /bin/bash works for me, SuSE 8.2
Anders,
It depends whether /bin/false is in /etc/shells or not. If you look at the info page for su you see that an unprivileged user cannot use -s if the original shell is restricted, i.e. not present in /etc/shells.
I don't know why some systems have /bin/false in /etc/shells and others don't. It might depend on some security setting somewhere, or just on whether the administrator has modified it.
Bob
On Thu, 9 Oct 2003, Anders Johansson wrote:
> On Wednesday 08 October 2003 15.47, Ulrich Kautz wrote:
> > su -s /bin/bash -c "command" -- "using restricted shell: /bin/false"
> su -s /bin/bash works for me, SuSE 8.2
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
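The rule Bob describes explains why "su -s" worked on some posters' systems and not on the web server, and it can be checked before a login shell is changed. The script below is an added example, not code from the thread or from su itself: it models that rule against passwd- and shells-format files and audits every uid-0 account. The function names, the sample user "ulrich" with uid 500 and the second shells file are constructed for illustration.

```shell
#!/bin/sh
# Added example: models the rule that a non-root caller may use
# "su -s SHELL" only when the target account's login shell is an
# exact line in the shells file (normally /etc/shells).

# login_shell PASSWD USER: print USER's shell; an empty field means /bin/sh.
login_shell() {
    awk -F: -v u="$2" '
        $1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# shell_listed SHELLS PATH: succeed if PATH is an exact, uncommented line.
shell_listed() {
    grep -v '^[[:space:]]*#' "$1" | grep -Fxq -- "$2"
}

# su_s_allowed PASSWD SHELLS TARGET CALLER_UID
# 0 = -s honoured, 1 = refused (restricted shell), 2 = no such account.
su_s_allowed() {
    if [ "$4" -eq 0 ]; then return 0; fi      # root may always override
    target_shell=$(login_shell "$1" "$3") || return 2
    shell_listed "$2" "$target_shell"
}

# uid0_audit PASSWD SHELLS: report each uid-0 account; return 1 when a
# non-root admin holding the password could reach none of them with su -s.
uid0_audit() {
    reachable=1
    for name in $(awk -F: '$3 == 0 { print $1 }' "$1"); do
        if su_s_allowed "$1" "$2" "$name" 1000; then
            echo "$name: su -s usable ($(login_shell "$1" "$name") is listed)"
            reachable=0
        else
            echo "$name: su -s refused ($(login_shell "$1" "$name") not listed)"
        fi
    done
    return "$reachable"
}

# write_samples DIR: constructed sample files for the two cases in the thread.
write_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/false' \
                  'ulrich:x:500:500::/home/ulrich:/bin/bash' > "$1/passwd"
    # Shells list as posted for the locked-out web server.
    printf '%s\n' /bin/sh /bin/bash /bin/nologin /bin/bash2 \
                  /bin/ash /bin/tcsh /bin/csh > "$1/shells.server"
    # Constructed variant: the same list with /bin/false added.
    { cat "$1/shells.server"; echo /bin/false; } > "$1/shells.home"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    echo "== web server: /bin/false not in shells file =="
    uid0_audit "$dir/passwd" "$dir/shells.server" || echo "no uid-0 account reachable via su -s"
    echo "== variant: /bin/false listed =="
    uid0_audit "$dir/passwd" "$dir/shells.home" || echo "no uid-0 account reachable via su -s"
    rm -rf "$dir"
}
demo
```

Running uid0_audit against the real /etc/passwd and /etc/shells before changing root's shell shows whether the lockout in this thread would result.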
participants (19)
- Alin Dobre
- Anders Johansson
- Andrew Edunov
- Arjen Runsink
- Bernhard Schalk
- Bob Vickers
- Christopher Mahmood
- Dirk Schreiner
- Eduard Avetisyan
- Lars Ellenberg
- maarten van den Berg
- Markus Gaugusch
- Markus Lorch
- Robert Davies
- Roman Drahtmueller
- Stefan Nitz
- Stefan Seyfried
- Ulrich Kautz
- Ulrich Klenk