Re: Huge mistake: lost shell :(
- From: per@xxxxxxxxxxxx (Per Hedeland)
- Date: Wed, 22 Feb 2006 07:53:36 +0000 (UTC)
In article <20060222.0117.5593snz@xxxxxxxxxxxxxxxxxxxx>
snews@xxxxxxxxxxxxxxxxxxxx (David Lord) writes:
On Tuesday, in article <460gpmF8sjj3U1@xxxxxxxxxxxxxx>
me@xxxxxxxxxxx "Jean-Yves Avenard" wrote:
While configuring shell accounts, in my haste I changed the shell of the
Unfortunately it was the only user in the wheel group..
So now I can't log into this machine (I do not have physical access to
I have access to a simple user account though.
I thought of doing something like:
su -f -m user_inwheel -c "chsh /bin/sh"
but that doesn't work, I always get "su: permission denied (shell)."
How could I change the shell of this user.
I know the root password, the user in wheel group password etc.
If you have default /etc/login.access
Hm, I almost thought that you had found a way to circumvent the wheel
requirement for "su", but 'login root' (as should be expected really)
seems to be subject to the normal restriction that you can only log in
as root on ttys specified as "secure" in /etc/ttys. I.e. the above
cannot be done from a network login on a system with default /etc/ttys -
and it was already stated that physical access was not available.
I found this thread interesting, but let's face it - the security model
of (Free)BSD says that you should not be able to become root without
physical access or wheel membership, even if you know the root password
- i.e. if a solution is found, it's either a bug or the result of
(intentionally or not) previously having overridden the security model
(e.g. by installing sudo with certain config, or marking a bunch of
pseudo-ttys as "secure").
Of course hunting for "unintentional overrides" can be fun:-) - e.g., I
don't suppose the shell for the wheel-member user can be replaced by an
unprivileged user, via direct overwrite or through some directory in the
path to it being writable?
- Prev by Date: incorrect superblock
- Next by Date: Re: Huge mistake: lost shell :(
- Previous by thread: Re: Huge mistake: lost shell :(
- Next by thread: Re: Huge mistake: lost shell :(