Re: [SLUG] remote box screwup

From: Eben King (eben1@tampabay.rr.com)
Date: Sat Jun 18 2005 - 01:52:38 EDT


On Fri, 17 Jun 2005, Chuck Hast wrote:

> Well, done it now. I was working on a remote box and forgot that I was
> on as root, I did a chsh thinking I was on as another login and changed
> the root shell to ash, but now I can not get back into the machine
> it appears that in the passwd file the ash shell is not shown as in any
> particular directory, and a attempt to login as root returns a message
> 'no shell'
> and it drops me out.

Oops.

> I can log in as my self, and I can see the passwd file and sure enough
> root has been changed from :/bin/bash to just :ash
> And of course the passwd file only has root permissions. I guess
> short of having someone put a recovery CD in there and go change the
> thing there is not much I can do remotely...

Maybe

su -c 'echo /bin/ash >> /etc/shells'

? Or exploit a bug in a running daemon? When I ssh in with a command I
don't _think_ is consults /etc/shells, but ICBW. Setting ftp users' shells
to /bin/false used to be popular, and it worked to some extent. /bin/false
isn't in my /etc/shells, but /sbin/nologin is.

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?           [TOFU := text oben,
A: Top-posting.                                       followup unten]
Q: What is the most annoying thing on usenet?        -- Daniel Jensen

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:14:08 EDT