Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 5 Aug 2004 11:13:35 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Thomas Krause <fq@chef-ingenieur.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Only root is able to login
Message-ID:  <20040805101335.GA46295@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <1987.212.78.101.51.1091694018.squirrel@mta.webmatic.de>
References:  <1987.212.78.101.51.1091694018.squirrel@mta.webmatic.de>
next in thread | previous in thread | raw e-mail | index | archive | help 

--liOOAslEiF7prFVr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 05, 2004 at 10:20:18AM +0200, Thomas Krause wrote:
> Hello,
> I've a big problem, that only root is able to login to a new FreeBSD 5.2.1
> box. Neither login nor su works. I've no local access to the machine.
> A ftp-login is possible for normal users.

For the sake of the archives, I will point out:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEE=
L-GROUP

which is the usual cause of this sort of thing, but apparently not in
this case.
=20
> mdm-online:/ # su - abc
> su: /bin/sh: Permission denied
>=20
> mdm-online:/ # login abc
> Password:
> Copyright (c) 1992-2004 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
>         The Regents of the University of California. All rights reserved.
>=20
> FreeBSD 5.2.1-RELEASE-p9 (MDM-ONLINE) #1: Mon Jul 26 22:24:58 CEST 2004
>=20
> Welcome to FreeBSD!
>=20
> login: /bin/sh: No such file or directory

At a guess: both login(1) and su(1) are meant to be SUID programs:

    % ls -la /usr/bin/su /usr/bin/login
    -r-sr-xr-x  1 root  wheel  21824 Jun  6 14:29 /usr/bin/login*
    -r-sr-xr-x  1 root  wheel   8200 Jun  6 14:29 /usr/bin/su*

They won't work without that SUID bit.  Sounds to me as if someone has
been a bit heavy handed trying to lock down the system.  Or else the
system was installed by copying from somewhere else, but using a
method which automatically drops SUID and similar bits.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--liOOAslEiF7prFVr
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBEghPiD657aJF7eIRAvN9AKCjMgB+aFwXpNYBv7uBvGDl281z2QCdFRwi
amH9O2VE1h+DJfNT/UDNAns=
=c9Kg
-----END PGP SIGNATURE-----

--liOOAslEiF7prFVr--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040805101335.GA46295>