bad root shell in /etc/passwd

Polytropon freebsd at
Thu Sep 27 04:18:59 UTC 2012

On Wed, 26 Sep 2012 22:07:26 -0600, Gary Aitken wrote:
> Thanks, all.
> On 09/26/12 19:18, Polytropon wrote:
> > That's why you should be using the "toor" account and leave "root"
> > unchanged.
> I realized that about the time I learned I had given root to a bad shell path;
> at which time I also realized I hadn't given toor a pw.

The toor account will be locked until put into use, so no
security risk.

> > Maybe without rebooting you can do this: Enter "su -m" (if your
> > non-root user is allowed to su root, then enter "chsh" and set
> > the root shell back to the default.
> su -m won't work because of the bad shell
>    "As a security precaution, if the target user's shell is a non-standard
>     shell (as defined by getusershell(3)) and the caller's real uid is non-
>     zero, su will fail."

Ah okay, I didn't check that security feature in particular.
As "su -m" usually "continues" the current user shell, as
described for the -m option:

	Leave the environment unmodified.  The invoked shell is your
	login shell, and no directory changes are made.

Immediately followed by the restriction you quoted. :-)

> > When you can successfully boot into SUM, you will be prompted for
> > the shell to start. /bin/sh is the default shell (even though it
> > is a quite ugly dialog shell -- still it's considered a "maintenance
> > and emergency use only shell" at this point. It will be powerful
> > enough to call the "chsh" command to get root back into normal
> > condition.
> chsh and vipw won't work from SUM until you mount /usr,
> which fortunately was all intact.

That's correct, those are located in /usr/bin (which _may_ be
on a separate partition that requires mounting before use).
Depending on how $EDITOR is set (_if_ it should be set somehow),
the availability of this editor (default: /usr/bin/vi) will
decide about the functionality of the vipw or chsh commands.

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list