Root account locked out

Message

steve_zr · Post by **steve_zr** » Thu Jan 31, 2008 9:57 am

Hi All,
This is my first post on this forum so i would like to say hi and apologize if this is in the wrong place.

Unfortunately my gentoo box has locked the root account and i am unable to login.

The error message that appears is:

'This account is restricted by rssh.
This user is locked out.'

I am completely new to linux and i was not the person who set up this installation.

Thankyou in advance for your help

MostAwesomeDude · Post by **MostAwesomeDude** » Thu Jan 31, 2008 10:05 am

Remote login, right? Can you login as a limited user and then su or sudo?

steve_zr · Post by **steve_zr** » Thu Jan 31, 2008 10:41 am

It looks as though its a complete lockout, i cannot logon to the root account locally or remotely

I could try, how would i su or sudo?

I do apologize as i am a complete noob

downer · Post by **downer** » Thu Jan 31, 2008 11:17 am

steve_zr wrote:It looks as though its a complete lockout, i cannot logon to the root account locally or remotely

I could try, how would i su or sudo?

I do apologize as i am a complete noob

Code: Select all

$ su -

or

Code: Select all

$ sudo /bin/bash

steve_zr · Post by **steve_zr** » Thu Jan 31, 2008 12:47 pm

Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble. We have a web page running on that server but i am unable to restart apache to get it running, can i do this without the root account?

downer · Post by **downer** » Thu Jan 31, 2008 1:00 pm

steve_zr wrote:Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble. We have a web page running on that server but i am unable to restart apache to get it running, can i do this without the root account?

that is what su is for

su stands for "set userid", meaning you can take on the role of any user, without arguments it defaults to uid 0, ie root. and it is root's password you need.
sudo on the other hand defaults to ask for your own password i'm not mistaken, it can be changed in the configs.. but then you need root access.

//D

steve_zr · Post by **steve_zr** » Thu Jan 31, 2008 1:12 pm

When i try using su it gives me a permission denied message, is this due to a wrong password or it is because of the /etc/passwd file for the root has been changed to /usr/bin/rssh instead on /bin/bash ?

downer · Post by **downer** » Thu Jan 31, 2008 1:30 pm

steve_zr wrote:When i try using su it gives me a permission denied message, is this due to a wrong password or it is because of the /etc/passwd file for the root has been changed to /usr/bin/rssh instead on /bin/bash ?

does /usr/bin/rssh exist? and is it a valid shell..?
try running

Code: Select all

$ su -s /bin/bash

you can specify shell with -s.

//D

Post by Hu » Fri Feb 01, 2008 3:35 am

The easiest way to fix this is to halt the machine, boot a LiveCD, and modify /etc/passwd using the LiveCD environment. You will be down for the duration, but it is straightforward and much less trouble than trying to find a security flaw in the current configuration.

downer · Post by **downer** » Fri Feb 01, 2008 9:04 am

Hu wrote:The easiest way to fix this is to halt the machine, boot a LiveCD, and modify /etc/passwd using the LiveCD environment. You will be down for the duration, but it is straightforward and much less trouble than trying to find a security flaw in the current configuration.

easier than running su with a working shell and fixing it from there..?

//D

schachti · Post by **schachti** » Fri Feb 01, 2008 10:04 am

downer wrote:easier than running su with a working shell and fixing it from there..?

Which will only work

* if there is another user account on that machine,
* if he knows the password of this account, and
* if this account is member of the wheel group.

downer · Post by **downer** » Fri Feb 01, 2008 10:26 am

schachti wrote:Which will only work

* if there is another user account on that machine,
* if he knows the password of this account, and
* if this account is member of the wheel group.

true, but it is a good place to start, rather than bringing out the big guns at once, right?
from what steve_zr wrote:

Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble.

I got the impression that he at least is able to login as a normal user, meaning the first 2 points are not really an issue and if he was following the install guide chances are the user is in wheel.

//D

Post by Hu » Sat Feb 02, 2008 4:47 am

downer wrote:
schachti wrote:Which will only work

* if there is another user account on that machine,
* if he knows the password of this account, and
* if this account is member of the wheel group.
true, but it is a good place to start, rather than bringing out the big guns at once, right?
from what steve_zr wrote:
Well unfortunately I haven't been given the su password so i cant do that, is there a way of upgrading another account to a root without the need for the root account or am i in trouble.
I got the impression that he at least is able to login as a normal user, meaning the first 2 points are not really an issue and if he was following the install guide chances are the user is in wheel.

//D

He is not following the installation guide. He has inherited a fully installed system. He does not have the root password. He does not have sudo access, as far as we know. The only way he can attain superuser access is to get the root password, to get into an account with sudo access, or to find some security flaw that can be exploited for a privilege escalation attack. I presume that he cannot get the root password or he would have done so by now. Similarly, I presume that sudo is not enabled for any user or he would have mentioned it.

Finally, the fact that root is using rssh instead of sh or bash is not a good sign, and may impact his ability to administer the system even if he managed to run a shell as root. Therefore, I suggested using the LiveCD so that he could fix the shell at the same time as he changes the root password.

downer · Post by **downer** » Mon Feb 04, 2008 8:26 am

Hu wrote:He is not following the installation guide. He has inherited a fully installed system. He does not have the root password. He does not have sudo access, as far as we know. The only way he can attain superuser access is to get the root password, to get into an account with sudo access, or to find some security flaw that can be exploited for a privilege escalation attack. I presume that he cannot get the root password or he would have done so by now. Similarly, I presume that sudo is not enabled for any user or he would have mentioned it.

Finally, the fact that root is using rssh instead of sh or bash is not a good sign, and may impact his ability to administer the system even if he managed to run a shell as root. Therefore, I suggested using the LiveCD so that he could fix the shell at the same time as he changes the root password.

Well, maybe the person who set it up did..? Someone gave him access to the computer, and we don't know if he has sudo access or not (from the looks of it, asking how to use sudo or su implies that he does not know himself), thus simply typing "su -" or "sudo bash" seemed like a logical first step to see if it worked, if it doesn't by all means, reboot the system.

//D

padoor · Post by **padoor** » Mon Feb 04, 2008 8:33 am

you can boot with cd and chroot into your system and make new passwd.
how do you login now?
try same passwd for root also.
if it wouldnt work then make new passwd from cd boot up.

steve_zr · Post by **steve_zr** » Tue Feb 05, 2008 12:03 pm

Sorry it has taken me so long to reply, i have been on holiday

I have gotten the root password but su or sudo do not work, i have not been made part of the 'wheel' by the looks of this.

As HU said i have inherited a fully installed system without any training on how to use it unfortunately, i will try the live cd now in order to try and gain access that way. Is there anything i need to try before this or is there anything i need to be aware of?

Thankyou for being so helpful both

steve_zr · Post by **steve_zr** » Tue Feb 05, 2008 12:13 pm

Good news everyone!!!! (i've always wanted to say that)

We managed to fix the problem by logging on using the "single" user account when booting coupled with the "init=/bin/bash/" command at the grub boot screen. Which then enabled me to reset the password and the shell.

I'm not sure how we stumbled across that but thankyou everyone for your help

No doubt you will be hearing from me on a regular basis