Locked Myself Out - Cannot "su"

Daniel Marsh jahilliya at gmail.com
Mon May 28 23:43:06 UTC 2007


On 5/29/07, Schiz0 <schiz0phrenic21 at gmail.com> wrote:
>
> On 5/27/07, Schiz0 <schiz0phrenic21 at gmail.com> wrote:
> > On 5/27/07, Conrad J. Sabatier <conrads at cox.net> wrote:
> > > On Sun, 27 May 2007 19:17:20 -0400
> > > Schiz0 <schiz0phrenic21 at gmail.com> wrote:
> > >
> > > > This is one of those things where after you realize what you've done,
> > > > you just want to smack yourself.
> > > >
> > > > I've been working on hardening my FreeBSD 6.2-Stable box. I disabled
> > > > root login from everywhere, including the console (The box isn't
> > > > physically secure, so I didn't want anyone screwing around). Now, me
> > > > being stupid, didn't reboot after making all these changes to harden
> > > > it. So I finally rebooted (With the secure level set to 2) and I found
> > > > that I can't run "su." I get the following error:
> > > >
> > > > $ su -
> > > > su: not running setuid
> > > >
> > > > I can't shutdown since I can't become root, so I pulled the plug and
> > > > rebooted into single-user mode. I edited /etc/rc.conf and set
> > > > kern_securelevel_enable="NO"
> > > >
> > > > I rebooted again, but for some reason I still get the same error for
> > > > "su."
> > > >
> > > > So basically, I locked myself out of my box completely. I fail :-(
> > > >
> > > > su has the following permissions:
> > > > -r-sr-xr-x   1 root  wheel   schg   12240 May 13 13:15 su
> > > >
> > > > And sudo isn't installed, unfortunately. Any ideas of how to get root
> > > > back?
> > > >
> > > > Thanks!
> > >
> > > First, you need to make sure that ttyv0 is *not* set to "insecure"
> > > in /etc/ttys, so no login/password will be needed in single-user mode:
> > >
> > > ttyv0   "/usr/libexec/getty Pc"         cons25l1        on  secure
> > >
> > > This *should* allow you to use single-user mode once again as root.
> > >
> > > Then, make sure that any user you want to have su capability is listed
> > > in /etc/group under the "wheel" entry:
> > >
> > > wheel:*:0:root,foouser
> > >
> > > After that, any other problems you may encounter will have to be dealt
> > > with as they arise.  Post a followup if you still have trouble.
> > >
> > > HTH
> > >
> > > --
> > > Conrad J. Sabatier <conrads at cox.net>
> > >
> > >
> >
> > Well I do know the root password, so I can get into single user mode
> > even though the console is marked insecure. So that's not a problem.
> >
> > I just checked /etc/group and my username is NOT in the wheel group.
> > I'm not in front of the system right now to reboot it into single user
> > mode and change /etc/group, but hopefully when I do, it will solve the
> > problem. It's weird though, because I've been using this box fine for
> > the past two months. I was able to su to root during that time. It's
> > very strange that my username's group was changed automatically out of
> > the wheel group.
> >
> > Thank you for your help!
> >
>
> Hm, this is odd. /etc/group contains:
> wheel:*:0:root,steve
> (My username is "steve")
>
> I rebooted (SecureLevel is still disabled) and logged in as "steve."
> Then I tried to run "su - root" and I got the same error:
> $ su - root
> su: not running setuid
>
> But it's weird, because in the permissions for "su" it does have the suid
> flag:
> $ ls -l /usr/bin/ |grep su
> -r-sr-xr-x   1 root  wheel     12240 May 13 13:15 su
>
> Also, when I dropped to single-user mode, I edited my
> /etc/login.access and enabled root login on the console. But now
> when I try to log in as root, I get the error:
> login: pam_acct_mgmt(): authentication error
>
> I definitely remember what root's password is. I even changed root's
> password in single-user mode, and it still doesn't let me login. I
> don't think the box is compromised; this isn't a production server at
> all, only a home HTTP/FTP server for personal use.

Have you mounted any file systems with the nosuid flag?
Type: mount to check.
Also have a look in your /etc/fstab.
If you have mounted a filesystem with nosuid then regardless of the flags on
the file it won't run as suid.

Thanks
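
The check suggested in the reply above, as an added example that is not part of the original message: it reads FreeBSD-style mount output, finds the filesystem that holds a given path, and reports whether that filesystem is mounted nosuid. The function name suid_mount_status and the sample mount table are constructed for illustration.

```shell
# Constructed sample in FreeBSD mount(8) format: "<dev> on <mountpoint> (<opt>, ...)"
# It is not taken from the poster's machine.
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s1e on /tmp (ufs, local, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, nosuid, soft-updates)
/dev/ad0s1d on /var (ufs, local, soft-updates)'

# suid_mount_status PATH   (mount output on stdin)
# Prints "<mountpoint> nosuid" or "<mountpoint> suid-ok" for the filesystem
# that holds PATH; returns 1 if no mount point matches.
suid_mount_status() {
    awk -v target="$1" '
    {
        start = index($0, " on ")      # mount point begins after " on "
        stop  = index($0, " (")        # option list begins after " ("
        if (start == 0 || stop == 0 || stop < start + 4) next
        mp   = substr($0, start + 4, stop - start - 4)
        opts = substr($0, stop + 2)
        sub(/\)[ \t]*$/, "", opts)

        # Match whole path components only, so /usr does not match /usrlocal.
        prefix = (mp == "/") ? "/" : mp "/"
        if (target != mp && index(target, prefix) != 1) next

        # The longest matching mount point is the one that holds the file.
        if (length(mp) <= length(best)) next
        best = mp
        flag = "suid-ok"
        n = split(opts, o, ", *")
        for (i = 1; i <= n; i++)
            if (o[i] == "nosuid") flag = "nosuid"
    }
    END { if (best == "") exit 1; print best, flag }
    '
}

# Against the constructed table; on the live system use:
#   mount | suid_mount_status /usr/bin/su
printf '%s\n' "$SAMPLE_MOUNT" | suid_mount_status /usr/bin/su   # prints: /usr nosuid
```

The same option appears in the fourth column of /etc/fstab, which is what makes it persist across reboots.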

