Re: Huge mistake: lost shell :(



In article <dth5a0$kon$1@xxxxxxxxxxxx>, Per Hedeland <per@xxxxxxxxxxxx> wrote:
> In article <20060222.0117.5593snz@xxxxxxxxxxxxxxxxxxxx>
> snews@xxxxxxxxxxxxxxxxxxxx (David Lord) writes:
>> On Tuesday, in article <460gpmF8sjj3U1@xxxxxxxxxxxxxx>
>> me@xxxxxxxxxxx "Jean-Yves Avenard" wrote:
>>
>>> Hi
>>>
>>> While configuring shell accounts, in my haste I changed the shell of the
>>> wrong user.
>>> Unfortunately it was the only user in the wheel group..
>>>
>>> So now I can't log into this machine (I do not have physical access to
>>> the machine)
>>>
>>> I have access to a simple user account though.
>>>
>>> I thought of doing something like:
>>> su -f -m user_inwheel -c "chsh /bin/sh"
>>>
>>> but that doesn't work, I always get "su: permission denied (shell)."
>>>
>>> How could I change the shell of this user.
>>> I know the root password, the user in wheel group password etc.
>>>
>>> Any ideas?
>>
>> If you have default /etc/login.access
>>
>> login root
>
> Hm, I almost thought that you had found a way to circumvent the wheel
> requirement for "su", but 'login root' (as should be expected really)
> seems to be subject to the normal restriction that you can only log in
> as root on ttys specified as "secure" in /etc/ttys. I.e. the above
> cannot be done from a network login on a system with default /etc/ttys -
> and it was already stated that physical access was not available.
>
> I found this thread interesting, but let's face it - the security model
> of (Free)BSD says that you should not be able to become root without
> physical access or wheel membership, even if you know the root password
> - i.e. if a solution is found, it's either a bug or the result of
> (intentionally or not) previously having overridden the security model
> (e.g. by installing sudo with certain config, or marking a bunch of
> pseudo-ttys as "secure").
>
> Of course hunting for "unintentional overrides" can be fun:-) - e.g., I
> don't suppose the shell for the wheel-member user can be replaced by an
> unprivileged user, via direct overwrite or through some directory in the
> path to it being writable?

Now if you know the root password - something you weren't supposed
to have - then probably you also know the password of someone
in the wheel group.

In that case you su to the wheel-group-user, and then su to root.
Bingo.

I've always thought that should be changed so you check the real
user ID and not the effective user ID before letting a person su to
root and make sure they are really a person in wheel.

But that's just my view of things.

Bill
--
Bill Vermillion - bv @ wjv . com
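
An added example, not part of any post in this thread: a POSIX sh pre-change audit for the lockout described above. It lists the non-root wheel members whose login shell is still listed in the shells file and fails when fewer than two remain. The function names, the 7-field passwd layout and the sample accounts (alice, bob) are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes 7-field passwd(5), group(5) and
# shells(5) layouts; only members listed on the wheel line are considered.

in_shells() {            # in_shells SHELL SHELLS_FILE -> 0 if SHELL is listed
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if [ "$line" = "$1" ]; then return 0; fi
    done < "$2"
    return 1
}

wheel_members() {        # wheel_members GROUP_FILE -> one name per line
    while IFS=: read -r name _pw _gid members; do
        if [ "$name" = wheel ]; then printf '%s\n' "$members" | tr ',' '\n'; fi
    done < "$1"
}

usable_wheel() {         # usable_wheel PASSWD GROUP SHELLS -> usable accounts
    for user in $(wheel_members "$2"); do
        # root is skipped: per the thread, root logins need a "secure" tty
        if [ "$user" = root ]; then continue; fi
        while IFS=: read -r name _pw _uid _gid _gecos _home shell; do
            if [ "$name" = "$user" ] && in_shells "$shell" "$3"; then
                printf '%s\n' "$user"
            fi
        done < "$1"
    done
}

audit() {                # audit PASSWD GROUP SHELLS -> 0 only if two or more remain
    count=0
    for u in $(usable_wheel "$@"); do count=$((count + 1)); done
    echo "usable non-root wheel accounts: $count"
    [ "$count" -ge 2 ]
}

make_sample() {          # constructed sample data, written into directory $1
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' \
        'alice:*:1001:1001:Alice:/home/alice:/usr/local/bin/bsah' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/sh' > "$1/passwd"
    printf '%s\n' 'wheel:*:0:root,alice,bob' 'staff:*:20:' > "$1/group"
    printf '%s\n' '# constructed shells file' '/bin/sh' '/bin/csh' > "$1/shells"
}

dir=$(mktemp -d "${TMPDIR:-/tmp}/wheelaudit.XXXXXX")
make_sample "$dir"
audit "$dir/passwd" "$dir/group" "$dir/shells" || echo "WARNING: keep a second wheel login"
rm -r "$dir"
```

In the constructed sample, alice's shell is a mistyped path that is not in the shells file, so only bob counts and the audit warns.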