Security Basics mailing list archives
Re: Root account desactivated - confirmed
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 11 Mar 2004 19:48:52 -0800 (PST)
hi ya sil
If you have sudo on the machine you can try doing something like sudo sed 's/\/sbin/\/nologin/\/bin\/bash/g' /etc/passwd >> /tmp/passwd|\ mv /tmp/passwd /etc/passwd
you've just confirmed why root accts should be disabled for everybody,
even those with sudo priviledges
if i have my sed'ing right,
the above sed will convert all /sbin/nologin to /bin/bash
( even for silly (ftp, rpm, gpm, etc ) accts that should NEVER
( be a login account
if one knows root passwd, they should be able to figure out
how to properly fix it ... ( my philophosy )
"properly" in my definition, implies telling all security
personal that the change is proposed and will be implemented
and why it was needed
for the above shell problem for root,
go to single user and change it back to what is should be
if it asks for passwd, than you will need a valid shell
so you will need to boot a different cdrom ( xxx linux boot cd )
and mount your system and fix it
c ya
alvin
On Thu, 11 Mar 2004, MARTIN M. BĂ©noni wrote:Hi community! I have a really stupid trouble: on a Redhat 9.0, the line matching the root account in the file /etc/passwd has been changed from ".../bin/bash" to ".../sbin/nologin". We have the root password, but when performing a "su" command, the system replies that the account is not currently available. So the question is: how from an user's account and knowing the root's password but having the root account disabled can we reactivate this root's account? Any suggestion would be appreciated, I do not want to reinstall the box :(
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Root account desactivated MARTIN M. Bénoni (Mar 11)
- Re: Root account desactivated sil (Mar 11)
- Re: Root account desactivated Paul Mohr (Mar 12)
- Re: Root account desactivated sil (Mar 12)
- Re: Root account desactivated Michael Gale (Mar 12)
- Re: Root account desactivated Dan Trainor (Mar 12)
- Re: Root account desactivated - confirmed Alvin Oga (Mar 12)
- Re: Root account desactivated Michael Gale (Mar 12)
- Re: Root account desactivated Patrice Neff (Mar 15)
- Re: Root account desactivated Paul Mohr (Mar 12)
- Re: Root account desactivated Ansgar -59cobalt- Wiechers (Mar 12)
- Re: Root account desactivated Paul Mohr (Mar 12)
- Re: Root account desactivated mike (Mar 12)
- Re: Root account desactivated Adam Brewster (Mar 12)
- Re: Root account desactivated Torry Crass (Mar 12)
- Re: Root account desactivated Leif Ericksen (Mar 12)
- Re: Root account desactivated Suramya Tomar (Mar 12)
- Re: Root account desactivated Mike Dresser (Mar 12)
(Thread continues...)
- Re: Root account desactivated sil (Mar 11)