bad root shell in /etc/passwd
Polytropon
freebsd at edvax.de
Thu Sep 27 04:18:59 UTC 2012
On Wed, 26 Sep 2012 22:07:26 -0600, Gary Aitken wrote:
> Thanks, all.
>
> On 09/26/12 19:18, Polytropon wrote:
> > That's why you should be using the "toor" account and leave "root"
> > unchanged.
>
> I realized that about the time I learned I had given root to a bad shell path;
> at which time I also realized I hadn't given toor a pw.
The toor account will be locked until put into use, so no
security risk.
> > Maybe without rebooting you can do this: Enter "su -m" (if your
> > non-root user is allowed to su root), then enter "chsh" and set
> > the root shell back to the default.
>
> su -m won't work because of the bad shell
> "As a security precaution, if the target user's shell is a non-standard
> shell (as defined by getusershell(3)) and the caller's real uid is non-
> zero, su will fail."
Ah okay, I didn't check that security feature in particular.
As "su -m" usually "continues" the current user shell, as
described for the -m option:

    Leave the environment unmodified. The invoked shell is your
    login shell, and no directory changes are made.

Immediately followed by the restriction you quoted. :-)
> > When you can successfully boot into SUM, you will be prompted for
> > the shell to start. /bin/sh is the default shell (even though it
> > is a quite ugly dialog shell -- still it's considered a "maintenance
> > and emergency use only shell" at this point). It will be powerful
> > enough to call the "chsh" command to get root back into normal
> > condition.
>
> chsh and vipw won't work from SUM until you mount /usr,
> which fortunately was all intact.
That's correct, those are located in /usr/bin (which _may_ be
on a separate partition that requires mounting before use).
Depending on how $EDITOR is set (_if_ it should be set somehow),
the availability of this editor (default: /usr/bin/vi) will
decide about the functionality of the vipw or chsh commands.
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
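
The two conditions this thread ran into (the shell path must exist, and it must be a shell known to getusershell(3)) can be checked on a copy of the passwd file before it is installed. The script below is an added example, not part of the original message; the function name, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a user's login shell in a passwd-format file before it
# is installed. File names and sample entries below are constructed.

# check_login_shell USER PASSWD_FILE SHELLS_FILE
# Returns 0 = usable, 1 = no such user, 2 = shell path missing or not
# executable, 3 = shell not listed in SHELLS_FILE (what getusershell(3) reads).
check_login_shell() {
    cls_line=$(awk -F: -v u="$1" '$1 == u { print; exit }' "$2")
    [ -n "$cls_line" ] || return 1
    # The shell is the last field in both passwd and master.passwd layouts.
    cls_shell=${cls_line##*:}
    # passwd(5): an empty shell field means /bin/sh.
    [ -n "$cls_shell" ] || cls_shell=/bin/sh
    [ -x "$cls_shell" ] || return 2
    # Drop comments and trailing blanks, then require an exact line match.
    sed 's/#.*//; s/[[:space:]]*$//' "$3" | grep -Fqx -- "$cls_shell" || return 3
    return 0
}

# Constructed sample data: root points at a shell path that does not exist.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/nonexistent/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
EOF
printf '%s\n' '# constructed list of valid shells' '/bin/sh' > "$tmp/shells"
printf '%s\n' '/bin/csh' > "$tmp/shells.nosh"

for u in root toor nobody; do
    rc=0
    check_login_shell "$u" "$tmp/passwd" "$tmp/shells" || rc=$?
    echo "$u: status $rc"
done
```

On a real system the second and third arguments would be a working copy of the passwd file and /etc/shells; a non-zero status for root means the edit should not be installed.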