From owner-freebsd-questions@FreeBSD.ORG Thu Aug 5 10:13:56 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 72DDB16A4CE for ; Thu, 5 Aug 2004 10:13:56 +0000 (GMT) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 166CE43D53 for ; Thu, 5 Aug 2004 10:13:55 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1])i75ADaOK059255 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 5 Aug 2004 11:13:36 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i75ADaYq059254; Thu, 5 Aug 2004 11:13:36 +0100 (BST) (envelope-from matthew) Date: Thu, 5 Aug 2004 11:13:35 +0100 From: Matthew Seaman To: Thomas Krause Message-ID: <20040805101335.GA46295@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Thomas Krause , freebsd-questions@freebsd.org References: <1987.212.78.101.51.1091694018.squirrel@mta.webmatic.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="liOOAslEiF7prFVr" Content-Disposition: inline In-Reply-To: <1987.212.78.101.51.1091694018.squirrel@mta.webmatic.de> User-Agent: Mutt/1.5.6i X-Greylist: Message not sent from an IPv4 address, not delayed by milter-greylist-1.5.3 (smtp.infracaninophile.co.uk [0.0.0.0]); Thu, 05 Aug 2004 11:13:36 +0100 (BST) X-Virus-Scanned: clamd / ClamAV version devel-20040705, clamav-milter version 0.74a on smtp.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: Only root is able to login X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Aug 2004 10:13:56 -0000 --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 05, 2004 at 10:20:18AM +0200, Thomas Krause wrote: > Hello, > I've a big problem, that only root is able to login to a new FreeBSD 5.2.1 > box. Neither login nor su works. I've no local access to the machine. > A ftp-login is possible for normal users. For the sake of the archives, I will point out: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#SU-WHEE= L-GROUP which is the usual cause of this sort of thing, but apparently not in this case. =20 > mdm-online:/ # su - abc > su: /bin/sh: Permission denied >=20 > mdm-online:/ # login abc > Password: > Copyright (c) 1992-2004 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 > The Regents of the University of California. All rights reserved. >=20 > FreeBSD 5.2.1-RELEASE-p9 (MDM-ONLINE) #1: Mon Jul 26 22:24:58 CEST 2004 >=20 > Welcome to FreeBSD! >=20 > login: /bin/sh: No such file or directory At a guess: both login(1) and su(1) are meant to be SUID programs: % ls -la /usr/bin/su /usr/bin/login -r-sr-xr-x 1 root wheel 21824 Jun 6 14:29 /usr/bin/login* -r-sr-xr-x 1 root wheel 8200 Jun 6 14:29 /usr/bin/su* They won't work without that SUID bit. Sounds to me as if someone has been a bit heavy handed trying to lock down the system. Or else the system was installed by copying from somewhere else, but using a method which automatically drops SUID and similar bits. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --liOOAslEiF7prFVr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBEghPiD657aJF7eIRAvN9AKCjMgB+aFwXpNYBv7uBvGDl281z2QCdFRwi amH9O2VE1h+DJfNT/UDNAns= =c9Kg -----END PGP SIGNATURE----- --liOOAslEiF7prFVr--